REVIEW.

12 quarterly reviewers assigned across 8 control domains. 4 reviewers approving their own grants (separation-of-duties break). 2 reviews closed in under 60 seconds (rubber-stamping signal).

A review that takes a minute is a control that doesn't exist.

AV-007 · Q3 GitHub admin review SOD BREAK

Reviewer is also the grant holder. Approved in 42 seconds.

Re-assign reviewer, document mitigation, re-run CC6.2 test.