← Back to catalog
AU-9(5)
Dual Authorization
Audit and Accountability (AU)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Enforce dual authorization for [assignment] of [assignment].
Discussion
Organizations may choose different selection options for different types of audit information. Dual authorization mechanisms (also known as two-person control) require the approval of two authorized individuals to execute audit functions. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.