4.1.4 The principle of deny by default exists
Verify that the principle of deny by default exists whereby new users/roles start with minimal or no permissions and users/roles do not receive access to new features until access is explicitly assigned. (C7)
| Level 1 | Level 2 | Level 3 |
| --- | --- | --- |
| X | X | X |
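
The following Python sketch is an added illustration, not text from the standard. It shows one way an authorization layer can satisfy this requirement, and behaviour a verifier can assert on. The `AccessPolicy` class, the role and user names, and the permission strings are all constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AccessPolicy:
    """Constructed deny-by-default policy store (hypothetical names)."""
    role_grants: dict = field(default_factory=dict)   # role -> explicit permissions
    user_roles: dict = field(default_factory=dict)    # user -> explicit roles

    def create_role(self, role: str) -> None:
        # A new role starts with an empty grant set, never a copied template.
        self.role_grants.setdefault(role, set())

    def create_user(self, user: str) -> None:
        # A new user starts with no roles at all.
        self.user_roles.setdefault(user, set())

    def grant(self, role: str, permission: str) -> None:
        # Wildcards would silently cover features added later, so reject them.
        if "*" in permission:
            raise ValueError("wildcard grants defeat deny by default")
        self.role_grants[role].add(permission)  # KeyError if role was never created

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_grants:
            raise KeyError(f"unknown role: {role}")
        self.user_roles[user].add(role)

    def is_allowed(self, user: str, permission: str) -> bool:
        # Only an explicit grant allows; every unknown falls through to deny.
        for role in self.user_roles.get(user, ()):
            if permission in self.role_grants.get(role, ()):
                return True
        return False


def demo() -> dict:
    policy = AccessPolicy()
    policy.create_role("analyst")
    policy.create_user("alice")
    before = policy.is_allowed("alice", "reports:read")        # no role yet
    policy.assign("alice", "analyst")
    role_only = policy.is_allowed("alice", "reports:read")     # role has no grants
    policy.grant("analyst", "reports:read")
    granted = policy.is_allowed("alice", "reports:read")
    new_feature = policy.is_allowed("alice", "exports:create")  # shipped later
    stranger = policy.is_allowed("mallory", "reports:read")     # unknown user
    return dict(before=before, role_only=role_only, granted=granted,
                new_feature=new_feature, stranger=stranger)
```

Only `granted` comes back `True`; the feature added after the grant (`exports:create`) stays denied until someone assigns it explicitly.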