CP-9(7): Dual Authorization

Control Family:

Contingency Planning

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The organization enforces dual authorization for the deletion or destruction of [Assignment: organization-defined backup information].

Supplemental Guidance

Dual authorization ensures that the deletion or destruction of backup information cannot occur unless two qualified individuals carry out the task. Individuals deleting/destroying backup information possess sufficient skills/expertise to determine if the proposed deletion/destruction of backup information reflects organizational policies and procedures. Dual authorization may also be known as two-person control.