Shanni Prutchi

I'll add that Bishop Fox publishes a [cybersecurity style guide](https://images.bishopfox.com/prod-1437/Documents/Guides/Bishop-Fox-Cybersecurity-Style-Guide-V2.pdf) that might be of assistance. I'm open to compiling a style guide or doing grammar and style checks when ready.

Could this be addressed under separation of duties?

I agree with the language introduced by [#1437 (comment)](https://github.com/OWASP/ASVS/issues/1437#issuecomment-1910451384), as it clearly specifies that this only applies where the functionality is supported. If you wanted to do something broader for...

I believe that the extra controls and what necessitates them would be included in the application documentation (perhaps within nonfunctional security requirements, for example). Of course, this requires us to...

I strongly believe that 4.3.3 does not belong in access control. I understand why 4.3.1 is relevant to access control - as access to the admin interface can enable changes...