This objective ensures that your organization’s documented encryption methods for protecting Controlled Unclassified Information (CUI) in transit are actually in use. You must demonstrate that data is being encrypted consistently, correctly, and in accordance with your documented policies and standards.