jeffblank
commented
10 years ago If it doesn't store any sensitive data then it doesn't need to use file encryption. could you add "to protect all sensitive data it stores." to the end of the req title and consider it solved? (am i understanding the question?)
The application shall [selection : use platform-provided cryptographic libraries, implement additional requirements from the File Encryption Protection Profile ]
What if it makes SSL tunnels and does not do any file encryption? Does it still have to follow the PP?