2.9.2-1 Encryption

When sensitive data may be exposed to unauthorized access, a capability for encrypting those data should be provided.

Additional Information:
Since potential exposure may be assumed during any external data transmission, encryption should be imposed routinely by the computer. Users should not be relied upon to request encryption. For protection of data within a shared system, a user might choose to encrypt private files to prevent their reading by other people. In such a case, the user must specify a private encryption "key," which will then serve as the basis for automatic encryption by the computer.