Add a control for cryptography use #365
Description
In the discussion of #302 in this week's meeting, we agreed that it is worth entertaining a proposal for a control regarding:
Crypto - Badges touches on this, PCI speaks at length about requirements around it. Do we want to add anything in Baseline to speak to this?
Specifically, this is for the use of cryptography in the development process (e.g. signing). How the software being developed uses cryptography is important, but out of scope for Baseline.