4.10 User and data attributes and policy information cannot be manipulated unauthorizedΒΆ
Verify that all user and data attributes and policy information used by access controls cannot be manipulated by end users unless specifically authorized.
Levels: 2, 3