← Back to catalog
CA-6(1)

Joint Authorization — Intra-organization

Assessment, Authorization, and Monitoring (CA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.

Discussion

Assigning multiple authorizing officials from the same organization to serve as co-authorizing officials for the system increases the level of independence in the risk-based decision-making process. It also implements the concepts of separation of duties and dual authorization as applied to the system authorization process. The intra-organization joint authorization process is most relevant for connected systems, shared systems, and systems with multiple information owners.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.