
Ah, so this is for organizations controlling the server side (and who were configuring non-ephemeral key exchange methods so far)?



Yes, typically "visibility" is the euphemism used by these people for a technology where they get to decrypt the data in a side channel, either in real time or perhaps from archives for a period.

e.g. you might own a fibre splitter, take the real data going back and forth between clients and your servers, and just copy it - you can't change the data, those photons left, but you get the same data, and with RSA you could just give an inspection device your private key and it can decrypt all that traffic no problem.

But without RSA that won't work, and this NIST standard I think specifies how to do it "correctly" with ephemeral keys, which means having a system that is tracking all those keys.

This means the NIST recommended solution costs more to do than the "old way". But, the banks and similar institutions which demand this are the ones paying for that, not you. And in exchange for that higher cost, this enables Forward Secrecy (data I stole from this system on Tuesday can't be used to decrypt a session on Thursday) and it also significantly bloats the data needed to compromise the whole system - want to read every transaction? You're going to need a lot of space for that whereas with RSA it was a single 4096-bit RSA key.
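The two decryption shapes this comment describes, as an added example in Go that is not from the thread and not from the NIST document: a passive tap holding the server's static RSA private key recovers an RSA-transported session key from the captured bytes alone, while for an ephemeral exchange (X25519 here) the same tap gets nothing unless the server exported that particular session's ephemeral private key, so a visibility system has to escrow one key per handshake. RSA-OAEP, SHA-256 as a stand-in key schedule, and an escrow table indexed by the server's ephemeral public key are assumptions of this toy model, not how TLS or the NIST mechanism encode things.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const pubLen = 32 // X25519 public key length

// RSA key transport: the client picks the premaster secret and encrypts it to
// the server's long-term key. Returns what the tap sees and the session key.
func rsaHandshake(serverPub *rsa.PublicKey) ([]byte, [32]byte, error) {
	premaster := make([]byte, 48)
	if _, err := rand.Read(premaster); err != nil {
		return nil, [32]byte{}, err
	}
	wire, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, premaster, nil)
	if err != nil {
		return nil, [32]byte{}, err
	}
	return wire, sha256.Sum256(premaster), nil
}

// The inspection device holds only the static private key and needs nothing else.
func rsaTapDecrypt(serverPriv *rsa.PrivateKey, wire []byte) ([32]byte, error) {
	premaster, err := rsa.DecryptOAEP(sha256.New(), nil, serverPriv, wire, nil)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(premaster), nil
}

// Ephemeral X25519 exchange: the long-term key would only sign (omitted), so it
// decrypts nothing. Returns client pub || server pub, the session key, and the
// server's one-session ephemeral private key.
func ecdheHandshake() ([]byte, [32]byte, *ecdh.PrivateKey, error) {
	curve := ecdh.X25519()
	clientEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, [32]byte{}, nil, err
	}
	serverEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, [32]byte{}, nil, err
	}
	shared, err := clientEph.ECDH(serverEph.PublicKey())
	if err != nil {
		return nil, [32]byte{}, nil, err
	}
	wire := append(clientEph.PublicKey().Bytes(), serverEph.PublicKey().Bytes()...)
	return wire, sha256.Sum256(shared), serverEph, nil
}

// Escrow is the per-session store a visibility system must keep for ECDHE:
// one entry per handshake, indexed by the server's ephemeral public key (assumed).
type Escrow map[[pubLen]byte]*ecdh.PrivateKey

func (e Escrow) Record(serverEph *ecdh.PrivateKey) {
	var k [pubLen]byte
	copy(k[:], serverEph.PublicKey().Bytes())
	e[k] = serverEph
}

// A session whose ephemeral key was never escrowed stays opaque: forward secrecy.
func (e Escrow) Decrypt(wire []byte) ([32]byte, error) {
	if len(wire) != 2*pubLen {
		return [32]byte{}, fmt.Errorf("malformed capture: %d bytes", len(wire))
	}
	var k [pubLen]byte
	copy(k[:], wire[pubLen:])
	serverEph, ok := e[k]
	if !ok {
		return [32]byte{}, fmt.Errorf("no escrowed ephemeral key for this session")
	}
	clientPub, err := ecdh.X25519().NewPublicKey(wire[:pubLen])
	if err != nil {
		return [32]byte{}, err
	}
	shared, err := serverEph.ECDH(clientPub)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(shared), nil
}

func main() {
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	wire, want, _ := rsaHandshake(&serverKey.PublicKey)
	got, _ := rsaTapDecrypt(serverKey, wire)
	fmt.Println("RSA transport, static key only:", got == want)

	esc := Escrow{}
	wire, want, eph, _ := ecdheHandshake()
	_, err := esc.Decrypt(wire)
	fmt.Println("ECDHE, static key only:", err)
	esc.Record(eph)
	got, _ = esc.Decrypt(wire)
	fmt.Println("ECDHE, escrowed per-session key:", got == want)
}
```

Needs a Go 1.20 or newer toolchain for crypto/ecdh. The escrow map is the cost the comment points at: every session that should remain readable later is one more private key to export, store and look up, where RSA key transport needed exactly one.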


Huh, I'd never considered that, but it makes sense that some scenarios might require "MITMing your own traffic" in production (i.e. not just developers PCAPing their own browser HTTPS traffic). Thank you for the explanation!



