DOD Instruction 5200.48 Controlled Unclassified Information (CUI) Practice Exam

Encryption protects CUI by making it unreadable to anyone who doesn’t have the key. For CUI, the protection must cover both storage and transmission. When data rests on a device or in a repository, encryption helps guard against theft or unauthorized access to the storage medium. When data moves across networks, encryption protects it from interception, eavesdropping, or tampering. Using approved encryption means applying vetted algorithms and key management that meet baselines such as NIST standards and DoD guidance, ensuring interoperability and auditable compliance. The phrase “where applicable” recognizes that there may be specific constraints in some environments, but the standard expectation is to encrypt for both at rest and in transit whenever feasible. Therefore, require approved encryption for both states of CUI to maintain confidentiality throughout the data’s lifecycle.