Level N/A
Review and revalidate user access for least privilege and separation of duties with a frequency that is commensurate with organizational risk tolerance.