ASVS Requirement 16.3.2

• Level: 2
• Chapter: V16 Security Logging and Error Handling
• Section: V16.3 Security Events
• Source: 0x25-V16-Security-Logging-and-Error-Handling.md

Description

Verify that failed authorization attempts are logged. For L3, this must include logging all authorization decisions, including logging when sensitive data is accessed (without logging the sensitive data itself).