NIST 800-53 describes the use of cryptographic algorithms and software, where both must be certified as strong and correct to pass an auditing process. Data shall only be reached by breaking the isolation of processes, as data-in-use is typically not encrypted for performance and human reasons.
