ASVS Requirement 8.1.3

• Level: 3
• Chapter: V8 Authorization
• Section: V8.1 Authorization Documentation
• Source: 0x17-V8-Authorization.md

Description

Verify that the application's documentation defines the environmental and contextual attributes (including but not limited to, time of day, user location, IP address, or device) that are used in the application to make security decisions, including those pertaining to authentication and authorization.