Issue
It looks like we're missing required L1 / L2 evidence for the following requirement:
3.3.1 Application administrative interfaces shall use appropriate multi-factor authentication
Recommendation
Based on our last feedback round, we had suggested requesting documentation evidence for both L1 and L2 levels since this isn't likely going to be directly testable by the labs.
Issue It looks like we're missing required L1 / L2 evidence for the following requirement:
Recommendation Based on our last feedback round, we had suggested requesting documentation evidence for both L1 and L2 levels since this isn't likely going to be directly testable by the labs.