R12 requirement is not prescriptive enough

[atoulme]

R12 states "A BPI MUST support cryptographic algorithms based on commonly used and security-audited libraries."

Is there a way to be more precise here? Can this refer to controls that are more specific to the use of cryptography in Baseline?

[atoulme]

R14 feels more adequate and precise than R12.

[chaals]

Agree R14 is better, but that's also pretty vague. Certainly there is no obvious need for both.

[Therecanbeonlyone1969]

Closing. Addressed with merged PR https://github.com/eea-oasis/baseline-standard/pull/173