Implement a reference monitor for organization-defined access control policies that is small enough to be subject to analysis and testing, the completeness of which can be assured.
No STIG checks reference this CCI.