4.10 User and data attributes and policy information cannot be manipulated unauthorizedΒΆ

Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.

Levels: 2, 3