Review the organization's site security plan and documentation to determine whether there is a list of current authorized users. If a current list of authorized users is missing from the site security plan for the test and development environment, this is a finding.
If there isn't any application development occurring in the zone environment, this requirement is not applicable.
Fix Text (F-44630r2_fix)
Document all authorized users with access to the development environment and access to source code. If the documentation exists but is not current, bring the documentation up to date.