I may be wrong, but the usage and understanding of encryption are one of the weakest areas of cybersecurity. I know some senior people in the industry who struggle to even get past the acronyms. And so it is great to see a new NIST document which relates to setting the best practice for key management [here]: