Request for feedback on ASVS v5 proposal: Move away from strict mapping to NIST

[tghosth]

In ASVS v4, the structure and language used in chapter V2 is very tightly mapped to the relevant NIST document and I think that i hindsight it has made it harder to understand the chapter. In contrast, V3 is also mapped to NIST but is less tightly connected structurally and in the language it uses and I think this this makes it easier to understand.

I would propose trying to take a similar approach for chapter V2 in ASVS v5 and in particular to make sections 2.6-2.9 clearer and shorter.

[cmlh]

If we make this change can we also correlate the section number[s] of NIST 800-63b - Digital Identity Guidelines
so ASVS can't be misinterpreted?