Navigate

MP-6 (7)

MP-6 (7): Dual Authorization

The organization enforces dual authorization for the sanitization of [Assignment: organization-defined information system media].

Supplemental

Organizations employ dual authorization to ensure that information system media sanitization cannot occur unless two technically qualified individuals conduct the task. Individuals sanitizing information system media possess sufficient skills/expertise to determine if the proposed sanitization reflects applicable federal/organizational standards, policies, and procedures. Dual authorization also helps to ensure that sanitization occurs as intended, both protecting against errors and false claims of having performed the sanitization actions. Dual authorization may also be known as two-person control.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
NC3

Related Controls

The controls below (if any) were marked by NIST as being related to MP-6 (7).

Control	Description
AC-3	The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
MP-2	The organization restricts access to [Assignment: organization-defined types of digital and/or non-digital media] to [Assignment: organization-defined personnel or roles].

Enhancements

The controls below (if any) add on to the requirements of MP-6 (7).

Control	Description
No controls

Related CCIs

The CCIs below are tied to MP-6 (7).

CCI	Definition
CCI-002573	The organization enforces dual authorization for the sanitization of organization-defined information system media.
CCI-002574	The organization defines the information system media that dual authorization is enforced for sanitization.