4.3.5 - Coverage by access control policies and deny by default otherwise #2063
Labels
1) Discussion ongoing
Issue is opened and assigned but no clear proposal yet
V4
Temporary label for grouping authorization related issues
_5.0 - prep
This needs to be addressed to prepare 5.0
Note: This is referenced as 4.3.7 in #2033 but has updated numbering
This requirement addresses two parts: there should not be any objects that don't have their access undefined, but if there is, deny by default. Because this cannot exactly be penetration tested, it is L2 and L3.
The text was updated successfully, but these errors were encountered: