OK, let me rephrase: as a senior manager within the broadly-defined technology security function of a large US company (that is not a defense contractor), I care, as does our board of directors.

I must be idealistic in expecting a senior manager to do better than "Do what you're told because we told you".

I don't think it's that. Supposing an employee had access to approve and pay invoices for a US company, and then moved to a country that had no extradition treaty with the US.

I wouldn't be surprised if there were worries about someone working from a sanctioned country as well. Would paying their wages break sanctions?

This is pretty naive to say on the same day that Okta was told they can't operate in certain regions.

The SEC and Shareholders care if you go against NIST guidelines.