This objective requires organizations to verify system-level enforcement of access restrictions so that only privileged accounts can perform privileged functions—no exceptions. It connects directly to your technical configurations and access control mechanisms.