My org needs to implement controls outlined in 800-171. We’re also looking to implement a PKI solution. I understand that cryptography in an 800-171 environment must use FIPS 140-2 validated methods. Is using an approved signature scheme enough? For example, is RSA2048 enough or do I have to use a specific implementation of RSA2048?