To what extent should encryption algorithms be discussed in our requirements documents when addressing security issues?

If credit cards will be used, the encryption algorithm to be used should explicitly be stated within the document.

We are not going to address encryption algorithms in our requirements documentation unless particular policies are mandated by the stakeholder.

We are going to code and design security using encryption algorithms in our requirements documentation.