This objective ensures that your organization has formally documented the security controls used to protect Controlled Unclassified Information (CUI) when it is transported—whether digitally or physically. The documentation must outline specific practices, technologies, and rules to prevent data loss, exposure, or unauthorized access in transit.