Navigate

CCI-000354

CCI-000354 Definition

The organization enforces dual authorization for changes to organization-defined information system components.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to enforce dual authorization for changes to information system components defined in CM-5 (4), CCI 353.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed enforces dual authorization for changes to information system components defined in CM-5 (4), CCI 353.

Compelling Evidence

1.) Signed and dated documentation that defines a process to enforce dual authorization for changes to information system components defined in CM-5 (4), CCI 353 2.) Samples of change authorizations

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-000354.

Control	Description
CM-5 (4)	The organization enforces dual authorization for implementing changes to [Assignment: organization-defined information system components and system-level information].