CCI-002355
Enforce access control decisions based on organization-defined security or privacy attributes that do not include the identity of the user or process acting on behalf of the user.
Enforce access control decisions based on organization-defined security or privacy attributes that do not include the identity of the user or process acting on behalf of the user.