AU-9 (5) Protection Of Audit Information | Dual Authorization
The organization enforces dual authorization for [Selection (one or more): movement; deletion] of [Assignment: organization-defined audit information].
Applicable CNSSI 1253 Baselines
Confidentiality
- L
- M
- H
Integrity
- L
- M
- H
Availability
- L
- M
- H
Supplemental Guidance
Organizations may choose different selection options for different types of audit information. Dual authorization mechanisms require the approval of two authorized individuals in order to execute. Dual authorization may also be known as two-person control.