When validating CHD transmission security, which configuration check is required?

Multiple Choice

When validating CHD transmission security, which configuration check is required?

Explanation:
The essential idea is to ensure cardholder data in transit is protected by only enabling secure cryptographic protocols and by explicitly disabling any insecure versions or configurations. This verification step checks the actual system settings, not just documentation, and confirms that weak or deprecated protocols are not in use. For CHD transmission, you want current, strong crypto in place (for example, TLS 1.2 or higher with strong cipher suites) and you must turn off SSL and older TLS versions. This is why the correct approach is to validate configurations to enforce secure protocols and disable insecure ones. Relying on vendor docs, assuming configurations are secure without testing, or ignoring protocol versions would fail to protect data in transit.
