Policy Enforcement Point (PEP) is a mechanism (e.g., access control mechanism of a file system or Web server) that actually protects (in terms of controlling access to) the resources exposed by Web services.
Source: https://csrc.nist.gov/glossary/term/policy_enforcement_point