Enforce access control decisions based on [Assignment: organization-defined security or privacy attributes] that do not include the identity of the user or process acting on behalf of the user.
ID | Name | Description | D3FEND |
ID | Description |
Requirement | Rationale/Additional Guidance/Notes |
---|
ID | Name | Description |
---|