diff --git a/avd_docs/aws/elasticache/AVD-AWS-0198/docs.md b/avd_docs/aws/elasticache/AVD-AWS-0198/docs.md
new file mode 100644
index 000000000..87c4daf37
--- /dev/null
+++ b/avd_docs/aws/elasticache/AVD-AWS-0198/docs.md
@@ -0,0 +1,13 @@
+
+Ensure that your AWS ElastiCache Redis clusters have encryption in-transit enabled.
+
+### Impact
+
+
+
+{{ remediationActions }}
+
+### Links
+- https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
+
+
diff --git a/internal/rules/policies/cloud/policies/aws/elasticache/enable_in_transit_encryption.rego b/internal/rules/policies/cloud/policies/aws/elasticache/enable_in_transit_encryption.rego
new file mode 100644
index 000000000..9f3a9691b
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/elasticache/enable_in_transit_encryption.rego
@@ -0,0 +1,25 @@
+# METADATA
+# title: "ElastiCache Redis Cluster Encryption In-Transit"
+# description: "Ensure that your AWS ElastiCache Redis clusters have encryption in-transit enabled."
+# scope: package
+# schemas:
+# - input: schema.input
+# related_resources:
+# - https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
+# custom:
+# avd_id: AVD-AWS-0198
+# provider: aws
+# service: elasticache
+# severity: HIGH
+# short_code: enable-in-transit-encryption
+# recommended_action: "Enable in-transit encryption for ElastiCache clusters"
+# input:
+# selector:
+# - type: cloud
+package builtin.aws.elasticache.aws0198
+
+deny[res] {
+ group := input.aws.elasticache.replicationgroups[_]
+ not group.transitencryptionenabled.value
+ res := result.new("Replication group does not have transit encryption enabled.", group.transitencryptionenabled)
+}
\ No newline at end of file
diff --git a/internal/rules/policies/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.rego b/internal/rules/policies/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.rego
new file mode 100644
index 000000000..8111b454d
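Review bot: In the `deny` rule, a replication group whose `transitencryptionenabled` attribute is absent produces no finding at all: `not group.transitencryptionenabled.value` succeeds on an undefined reference, but the following `result.new(..., group.transitencryptionenabled)` then receives an undefined argument and the rule body fails silently, so the group passes the check. Whether the adapter can emit a group without that attribute is not visible here; if it can, fall back to the group itself as the result metadata, e.g. `res := result.new("Replication group does not have transit encryption enabled.", object.get(group, "transitencryptionenabled", group))`. The metadata `title` and `description` (and the same sentence in docs.md) speak of "Redis clusters" while the rule only iterates `input.aws.elasticache.replicationgroups`, so a sentence in the description stating that the check is evaluated per replication group would keep the AVD page consistent with the finding text.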
--- /dev/null
+++ b/internal/rules/policies/cloud/policies/aws/elasticache/enable_in_transit_encryption_test.rego
@@ -0,0 +1,11 @@
+package builtin.aws.elasticache.aws0198
+
+test_detects_when_disabled {
+ r := deny with input as {"aws": {"elasticache": {"replicationgroups": [{"transitencryptionenabled": {"value": false}}]}}}
+ count(r) == 1
+}
+
+test_when_enabled {
+ r := deny with input as {"aws": {"elasticache": {"replicationgroups": [{"transitencryptionenabled": {"value": true}}]}}}
+ count(r) == 0
+}
\ No newline at end of file
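Review bot: The two tests only cover an explicit `true`/`false` value; there is no case for a replication group whose `transitencryptionenabled` attribute is missing, which is exactly the input on which the rule's `result.new(..., group.transitencryptionenabled)` call becomes undefined and yields no finding. Pinning that behaviour one way or the other would make the intent explicit; the case below assumes a missing attribute should be reported and will fail against the rule as written until that input is handled. `test_when_enabled` also does not say what it asserts, unlike `test_detects_when_disabled`; `test_no_finding_when_enabled {` reads better.
```rego
test_detects_when_missing {
 r := deny with input as {"aws": {"elasticache": {"replicationgroups": [{}]}}}
 count(r) == 1
}
```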