As a Service Mesh user, I have documentation that guides me in validating that traffic is encrypted via Kiali.

In the security section, add steps to validate that traffic is encrypted via Kiali (and/or Grafana if necessary).

https://docs.openshift.com/container-platform/4.9/service_mesh/v2x/ossm-security.html#ossm-security-mtls_ossm-security

Assembly file = ossm-security.adoc

Add new module - Validating encryption with Kiali 

Related upstream content

https://istio.io/latest/docs/ops/best-practices/security/#mutual-tls  Istio will automatically encrypt traffic using Mutual TLS whenever possible. However, proxies are configured in permissive mode by default, meaning they will accept both mutual TLS and plaintext traffic.

https://kiali.io/docs/features/security/  How Kiali visualizes mTLS

https://kiali.io/docs/faq/graph/#which-lock-icons-should-i-see-when-i-enable-the-kiali-graph-security-display-option