A security analyst is reviewing a third-party assessment report and notes that the vendor's encryption algorithms are outdated. The contract requires the vendor to follow industry best practices. Which of the following is the BEST response?
Directly asking the vendor to comply with the contract's best-practice clause is the most appropriate first step.
Why this answer
Option A is correct because the contract establishes the requirement, and requesting an upgrade is the proper first step to remedy the deficiency.