NOAA has (though it may have changed recently) had regulatory control over some types of data collection, such as for any imaging data captured, and indeed had requirements on encryption, both on the link later and even on disk and data encryption for groundstation sites not owned by the operator. It's not a standardized specification for how things are encrypted and it doesn't apply to all data, but there is a process.