CA-06(01) Joint Authorization — Intra-organization
Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.
Assigning multiple authorizing officials from the same organization to serve as co-authorizing officials for the system increases the level of independence in the risk-based decision-making process. It also implements the concepts of separation of duties and dual authorization as applied to the system authorization process. The intra-organization joint authorization process is most relevant for connected systems, shared systems, and systems with multiple information owners.
Related controls 1
- AC-06 Least Privilege L M H P