CA-6(1)

  • Requirement

    Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.

  • Discussion

    Assigning multiple authorizing officials from the same organization to serve as co-authorizing officials for the system increases the level of independence in the risk-based decision-making process. It also implements the concepts of separation of duties and dual authorization as applied to the system authorization process. The intra-organization joint authorization process is most relevant for connected systems, shared systems, and systems with multiple information owners.

More Info

  • Title

    Authorization | Joint Authorization — Intra-organization
  • Family

    Assessment, Authorization, and Monitoring
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AC-6

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!