AU-9(5)

  • Requirement

    Enforce dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].

  • Discussion

    Organizations may choose different selection options for different types of audit information. Dual authorization mechanisms (also known as two-person control) require the approval of two authorized individuals to execute audit functions. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety.

More Info

  • Title

    Protection of Audit Information | Dual Authorization
  • Family

    Audit and Accountability
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AC-3

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!