AU-9(5): Dual Authorization

Control Family:

Audit And Accountability

Parent Control:

AU-9: Protection Of Audit Information

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

PR.PT-1

Threats Addressed:

Tampering

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AU-9(5): Dual Authorization

Control Statement

The organization enforces dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].

Supplemental Guidance

Organizations may choose different selection options for different types of audit information. Dual authorization mechanisms require the approval of two authorized individuals in order to execute. Dual authorization may also be known as two-person control.