Navigate

CP-9(7)

CP-9(7): Dual Authorization

The organization enforces dual authorization for the deletion or destruction of [organization-defined backup information].

Supplemental

Dual authorization ensures that the deletion or destruction of backup information cannot occur unless two qualified individuals carry out the task. Individuals deleting/destroying backup information possess sufficient skills/expertise to determine if the proposed deletion/destruction of backup information reflects organizational policies and procedures. Dual authorization may also be known as two-person control.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to CP-9(7).

Control	Description
AC-3	The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
MP-2	The organization restricts access to [organization-defined types of digital and/or non-digital media] to [organization-defined personnel or roles].

Enhancements

The controls below (if any) add on to the requirements of CP-9(7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to CP-9(7).

CCI	Definition
CCI-002851	Defines the backup information that requires dual authorization for deletion or destruction.
CCI-002852	Enforce dual authorization for the deletion or destruction of organization-defined backup information.