CCI-002152

Implementation Guidance

Determine if dual authorization is enforced for [AC-03(02)_ODP; privileged commands and/or other actions requiring dual authorization are defined].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing access enforcement and dual authorization; system design documentation; system configuration settings and associated documentation; list of privileged commands requiring dual authorization; list of actions requiring dual authorization; list of approved authorizations (user privileges); system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with access enforcement responsibilities; system/network administrators; organizational personnel with information security responsibilities; system developers]. Test: [SELECT FROM: Dual authorization mechanisms implementing access control policy].