What encryption requirements are specified for documents in transit and at rest under UAP Document 301?

• A. No encryption required.
• B. Encryption at rest only.
• C. Encryption in transit only.
• D. Encryption at rest and in transit for sensitive documents; manage keys per policy.

Answer: (D)

Protecting documents requires encryption in two states: when they are moving across networks and when they are stored. The policy specifies that for sensitive documents, encryption must be applied both in transit and at rest, with keys handled according to the organization’s policy. Encryption in transit shields data from interceptors during transmission, while encryption at rest guards stored copies on servers, devices, and backups. Key management is essential; it ensures only authorized parties can access the keys, keys are rotated, and compromised keys are revoked. The other options fail because they cover only one state or none, leaving either transmission or storage unprotected.