CMMC Practice AC.3.014
Employ cryptographic mechanisms to protect the confidentiality of remote access sessions.
Bold Coast Security Guidance
Most VPN solutions will have a FIPS-validated encryption solution available, but you must be sure your VPN connection only uses up-to-date encryption protocols. Check with NIST or the VPN vendor on an annual basis to ensure that nothing has been depreciated.
DRAFT NIST SP 800-171 R2
Cryptographic standards include FIPS-validated cryptography and NSA-approved cryptography.