CP-9 (7)
CP-9 (7) Description
The organization enforces dual authorization for the deletion or destruction of [Assignment: organization-defined backup information].
Supplemental
Dual authorization ensures that the deletion or destruction of backup information cannot occur unless two qualified individuals carry out the task. Individuals deleting/destroying backup information possess sufficient skills/expertise to determine if the proposed deletion/destruction of backup information reflects organizational policies and procedures. Dual authorization may also be known as two-person control.
CIA Levels | |
---|---|
Confidentiality | unknown |
Integrity | unknown |
Availability | unknown |
Overlays |
---|
NC3 |