2.26 Sensitive operations are sufficiently protected

Verify re-authentication, step up or adaptive authentication, two factor authentication, or transaction signing is required before any application-specific sensitive operations are permitted as per the risk profile of the application.

Levels: 2, 3