A policy that requires that every person who accesses sensitive information be held accountable for his or her actions. A method for identity authentication is required.
Sources:
NIST SP 800-152