This objective ensures that the security functions you’ve documented and designed as separate modules are actually being used in your live environment—not just planned or referenced. These functions should be operational, protected, and performing their intended role in safeguarding Controlled Unclassified Information (CUI).