A system entity that requests and subsequently enforces authorization decisions.
Sources:
CNSSI 4009-2015
from
NISTIR 7657
Mechanism (e.g., access control mechanism of a file system or Web server) that actually protects (in terms of controlling access to) the resources exposed by Web services.
Sources:
NIST SP 800-95
under Policy Enforcement Point (PEP)
from
OASIS: A Brief Introduction to XACML
A network device on which policy decisions are carried out or enforced.
Sources:
NIST SP 1800-15B
under Policy Enforcement Point (PEP)
NIST SP 1800-15C
under Policy Enforcement Point