This objective ensures your organization has formally documented who is authorized to access systems—especially those processing, storing, or transmitting Controlled Unclassified Information (CUI). This documentation must clearly connect users, their assigned systems, and their approved roles.