MP-6(7)

  • Requirement

    Enforce dual authorization for the sanitization of [Assignment: organization-defined system media].

  • Discussion

    Organizations employ dual authorization to help ensure that system media sanitization cannot occur unless two technically qualified individuals conduct the designated task. Individuals who sanitize system media possess sufficient skills and expertise to determine if the proposed sanitization reflects applicable federal and organizational standards, policies, and procedures. Dual authorization also helps to ensure that sanitization occurs as intended, protecting against errors and false claims of having performed the sanitization actions. Dual authorization may also be known as two-person control. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals.

More Info

  • Title

    Media Sanitization | Dual Authorization
  • Family

    Media Protection
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

      AC-3;MP-2

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!