AC-3(2): Dual Authorization

Control Family:

Access Control

Parent Control:

AC-3: Access Enforcement

CSF v1.1 References:

PR.AC-4
PR.PT-3

Threats Addressed:

Repudiation
Elevation of Privilege

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
AC-3(2): Dual Authorization

Control Statement

Enforce dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions].

Supplemental Guidance

Dual authorization, also known as two-person control, reduces risk related to insider threats. Dual authorization mechanisms require the approval of two authorized individuals to execute. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals. Organizations consider the risk associated with implementing dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5