AC-3(2)
AC-3(2): Dual Authorization
The information system enforces dual authorization for [organization-defined privileged commands and/or other organization-defined actions].
Supplemental
Dual authorization mechanisms require the approval of two authorized individuals in order to execute. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety. Dual authorization may also be known as two-person control.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | unknown |
Availability | unknown |
Overlays |
---|
None |
CSF Categories |
---|
None |