MP-6(7): Dual Authorization

Control Family:

Media Protection

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The organization enforces dual authorization for the sanitization of [Assignment: organization-defined information system media].

Supplemental Guidance

Organizations employ dual authorization to ensure that information system media sanitization cannot occur unless two technically qualified individuals conduct the task. Individuals sanitizing information system media possess sufficient skills/expertise to determine if the proposed sanitization reflects applicable federal/organizational standards, policies, and procedures. Dual authorization also helps to ensure that sanitization occurs as intended, both protecting against errors and false claims of having performed the sanitization actions. Dual authorization may also be known as two-person control.