This objective ensures that your organization not only uses encryption to protect Controlled Unclassified Information (CUI) in transit—but that encryption is enforced, meaning it cannot be bypassed, disabled, or inconsistently applied across systems or users.