CM-05(04) Dual Authorization
Enforce dual authorization for implementing changes to cm-5.4_prm_1.
| Parameter ID | Definition |
|---|---|
| cm-5.4_prm_1 | organization-defined system components and system-level information |
| cm-05.04_odp.01 | system components |
| cm-05.04_odp.02 | system-level information |
Baselines
- L
- M
- H
- P
Guidance
Organizations employ dual authorization to help ensure that any changes to selected system components and information cannot occur unless two qualified individuals approve and implement such changes. The two individuals possess the skills and expertise to determine if the proposed changes are correct implementations of approved changes. The individuals are also accountable for the changes. Dual authorization may also be known as two-person control. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals. System-level information includes operational procedures.
Related controls 3
- AC-02 Account Management L M H P
- AC-05 Separation of Duties L M H P
- CM-03 Configuration Change Control L M H P