B.3.2. Organization Security Policies

Authorized Use of Information
Information shall be used only for its authorized purpose(s).
Cryptography
FIPS-approved or NIST-recommended cryptographic functions shall be used to perform all cryptographic operations.