CCI-002852

Enforce dual authorization for the deletion or destruction of organization-defined backup information.

Implementation Guidance

Determine if dual authorization for the deletion or destruction of [CP-09(07)_ODP; backup information for which to enforce dual authorization in order to delete or destroy is defined] is enforced.

Validation Procedures

Examine: [SELECT FROM: Contingency planning policy; procedures addressing system backup; contingency plan; system design documentation; system configuration settings and associated documentation; system generated list of dual authorization credentials or rules; logs or records of deletion or destruction of backup information; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with system backup responsibilities; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing dual authorization; mechanisms supporting and/or implementing the deletion/destruction of backup information].

The controls below (if any) were marked by NIST as being related to CCI-002852.