What are the information security requirements for removable media?

At this time, removable storage devices (e.g., USB hard drives, USB flash memory) are exempt from encryption requirements. Nonetheless, if a device is being used to store (e.g., to back up) High Risk Data, every effort should be made to encrypt it, and to keep it physically secure.