AC-3(2): Dual Authorization

Control Family:

Access Control

Parent Control:

AC-3: Access Enforcement

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.AC-4
PR.AC-6
PR.PT-3

Threats Addressed:

Repudiation
Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AC-3(2): Dual Authorization

Control Statement

The information system enforces dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions].

Supplemental Guidance

Dual authorization mechanisms require the approval of two authorized individuals in order to execute. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety. Dual authorization may also be known as two-person control.