A system entity that requests and subsequently enforces authorization decisions.
CNSSI 4009-2015 from NISTIR 7657
Mechanism (e.g., access control mechanism of a file system or Web server) that actually protects (in terms of controlling access to) the resources exposed by Web services.
NIST SP 800-95 under Policy Enforcement Point (PEP) from OASIS: A Brief Introduction to XACML
A network device on which policy decisions are carried out or enforced.
NIST SP 1800-15B under Policy Enforcement Point (PEP)
NIST SP 1800-15C under Policy Enforcement Point