Comment by tptacek
3 years ago
Yes, I'm familiar. I don't believe that means everything you use that happens to involve cryptography has to comply with that control.
3 years ago
Yes, I'm familiar. I don't believe that means everything you use that happens to involve cryptography has to comply with that control.
At the time we looked at it for a client, in an audit, certain aspects would be at the discretion of the auditor. They are typically pragmatic about this stuff.
That said my original statement was too broad. It’s not an “enterprise” issue, more use case dependent in regulated scenarios.