Data in Transit

Data in transit refers to data that is being transmitted across a network — between your systems, to cloud services, between offices, or to external parties. Protecting data in transit means encrypting it so that anyone intercepting the network traffic cannot read the content.

For CUI, FIPS-validated encryption of data in transit is a CMMC requirement. This is typically achieved through TLS 1.2+ for web traffic, VPN tunnels for remote access, and encrypted email for CUI transmitted via email. The encryption must use FIPS-validated cryptographic modules.

Why It Matters

CUI transmitted without encryption is exposed to interception. CMMC assessors will verify that all pathways where CUI travels — between systems, to the cloud, over VPN, via email — are protected with FIPS-validated encryption.