AC-3(2)—Access Enforcement
Technical
>Control Description
ACCESS ENFORCEMENT | DUAL AUTHORIZATION The information system enforces dual authorization for ⚙organization-defined privileged commands and/or other organization-defined actions.
>Supplemental Guidance
Dual authorization mechanisms require the approval of two authorized individuals in order to execute. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety. Dual authorization may also be known as two-person control.
Related controls: CP-9, MP-6.
>Tailoring Guidance
This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case by case basis. Dual authorization mechanisms are applicable to specialized systems such as a key management system.
Ask AI
Configure your API key to use AI features.