Sec. 47. The access control policy must identify all persons to whom access is granted and the specific functions and data to which each holds authorized access. If an authorization is limited to a specific time, time interval, or phase of the voting or counting operations, this limitation must also be specified.

As added by P.L.3-1997, SEC.332.