by JoshTriplett
1199 days ago
Don't mandate them, just mandate that if you use known-deficient practices you're presumed negligent if an incident occurs. Then issue some guidelines for known best practices and known bad practices, and make it clear that using something newer/better is fine, just not using something on the "known bad" list. (For instance, best practices are to use two-factor authentication with one component being physical security; one-factor with a password is known-bad.)