Require that the developer of an organization-defined system, system component, or system service has appropriate access authorizations as determined by assigned organization-defined official government duties.
No STIG checks reference this CCI.