The information system controls access based upon organization-defined roles authorized to assume such roles, employing the organization-defined role-based access control policy.
No STIG checks reference this CCI.