03.04.12 — (a) Issue systems or system components with the following configurations to individuals traveling to high-risk locations: {{ insert: param, A.03.04.12.ODP.01 }}. (b) Apply the following security requirements to the systems or components when the individuals return from travel: {{ insert: param, A.03.04.12.ODP.02 }}.

What this control requires

(a) Issue systems or system components with the following configurations to individuals traveling to high-risk locations: {{ insert: param, A.03.04.12.ODP.01 }}. (b) Apply the following security requirements to the systems or components when the individuals return from travel: {{ insert: param, A.03.04.12.ODP.02 }}.

Source: NIST SP 800-171 R3 §03.04.12 (official control text).

Why this matters

When employees travel to high-risk areas — regions with elevated cyber espionage, physical theft, or border inspection risks — their devices become targets for sophisticated adversaries who may implant malware, clone storage, or exfiltrate credentials. This control mandates issuing travel-specific device configurations before departure and applying rigorous inspection and sanitization procedures upon return. It protects intellectual property, customer data, and network integrity by ensuring devices that enter hostile environments cannot serve as backdoors into your production systems. The control acknowledges that normal security baselines are insufficient when devices cross borders into jurisdictions with aggressive signals intelligence or mandatory device inspection laws.

What evidence assessors expect

Assessors typically look for: PDF, screenshot, photo, CSV export, log file. FORCE coaches you through the exact implementation steps and captures each artifact in-platform.