Our company was to comply with NIST SP 800-171 3.5.10 "Store and transmit only encrypted representation of passwords" and we have 3 questions that you can possibly help us.
1.) Are passwords prevented from being stored in reversible encryption form?
2.) Are passwords stored as one-way hashes constructed from "salted" passwords?
3.) Are passwords encrypted in storage and in transmission?
