AC-3(2): Dual Authorization

Control Family:

Access Control

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The information system enforces dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions].

Supplemental Guidance

Dual authorization mechanisms require the approval of two authorized individuals in order to execute. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety. Dual authorization may also be known as two-person control.