CP-9(7)

  • Requirement

    Enforce dual authorization for the deletion or destruction of [Assignment: organization-defined backup information].

  • Discussion

    Dual authorization ensures that deletion or destruction of backup information cannot occur unless two qualified individuals carry out the task. Individuals deleting or destroying backup information possess the skills or expertise to determine if the proposed deletion or destruction of information reflects organizational policies and procedures. Dual authorization may also be known as two-person control. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals.

More Info

  • Title

    System Backup | Dual Authorization for Deletion or Destruction
  • Family

    Contingency Planning
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AC-3;AC-5;MP-2

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!