The information system enforces one or more organization-defined nondiscretionary access control policies over an organization-defined set of users and resources.
No STIG checks reference this CCI.