This objective requires a technical review of your system configurations to confirm that access restrictions are actually enforced by the systems themselves. It’s the final check that proves your access control policies and procedures are reflected in real system settings.