Navigate

CCI-002852

CCI-002852 Definition

Enforce dual authorization for the deletion or destruction of organization-defined backup information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process for dual authorization for the deletion or destruction of backup information defined in CP-9 (7), CCI 2851. The organization must maintain a record of deletion or destruction of information defined in CP-9 (7), CCI 2851.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process and record of deletion and destruction to ensure the organization being inspected/assessed enforces dual authorization for the deletion or destruction of backup information defined in CP-9 (7), CCI 2851.

Compelling Evidence

1.) Signed and dated contingency plan, referencing section which documents the backup information that requires dual authorization for deletion or destruction.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002852.

Control	Description
CP-9(7)	The organization enforces dual authorization for the deletion or destruction of [organization-defined backup information].