ASVS Requirement 8.1.4
- Level: 3
- Chapter: V8 Authorization
- Section: V8.1 Authorization Documentation
- Source: 0x17-V8-Authorization.md
Description
Verify that authentication and authorization documentation defines how environmental and contextual factors are used in decision-making, in addition to function-level, data-specific, and field-level authorization. This should include the attributes evaluated, thresholds for risk, and actions taken (e.g., allow, challenge, deny, step-up authentication).
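
One way to make such documentation checkable is to record the attributes, risk thresholds and resulting actions as data and evaluate requests against it. The sketch below is an added example, not part of ASVS; the attribute names, weights, threshold values and the `decide`/`validate` helpers are illustrative assumptions.

```python
# Constructed policy document: attribute names, weights and thresholds are
# illustrative assumptions, not values taken from ASVS.
POLICY = {
    "attributes": {            # signal -> risk points added when the signal is true
        "new_device": 30,
        "unusual_country": 40,
        "outside_business_hours": 10,
        "ip_on_denylist": 100,
    },
    "thresholds": [            # (minimum score, action), matched highest first
        (100, "deny"),
        (60, "step-up"),
        (30, "challenge"),
        (0, "allow"),
    ],
    "on_missing_attribute": "deny",   # fail closed when a signal cannot be evaluated
}

ACTIONS = {"allow", "challenge", "deny", "step-up"}

def validate(policy):
    """Check the documented policy is complete: every score maps to a known action."""
    mins = [m for m, _ in policy["thresholds"]]
    return (0 in mins and len(set(mins)) == len(mins)
            and all(a in ACTIONS for _, a in policy["thresholds"])
            and policy["on_missing_attribute"] in ACTIONS
            and all(isinstance(p, int) and p >= 0
                    for p in policy["attributes"].values()))

def decide(context, policy=POLICY):
    """Return (action, score, reasons) for one request context."""
    score, reasons = 0, []
    for name, points in policy["attributes"].items():
        # A signal that is absent or not a boolean is treated as unevaluable.
        if not isinstance(context.get(name), bool):
            return policy["on_missing_attribute"], None, ["missing:" + name]
        if context[name]:
            score += points
            reasons.append(name)
    for minimum, action in sorted(policy["thresholds"], reverse=True):
        if score >= minimum:
            return action, score, reasons
    return "deny", score, reasons  # only reached if no 0 threshold is documented
```

The returned reasons list gives the audit trail for each decision, which lets a reviewer confirm that runtime behaviour matches the documented attributes and thresholds.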