CM-5(4) Access Restrictions For Change

Operational

>Control Description

ACCESS RESTRICTIONS FOR CHANGE | DUAL AUTHORIZATION

The organization enforces dual authorization for implementing changes to organization-defined information system components and system-level information.

>Supplemental Guidance

Organizations employ dual authorization to ensure that any changes to selected information system components and information cannot occur unless two qualified individuals implement such changes. The two individuals possess sufficient skills/expertise to determine if the proposed changes are correct implementations of approved changes. Dual authorization may also be known as two-person control.

Related controls: AC-5, CM-3.

>Tailoring Guidance

This security control/enhancement specifies a very specialized and/or advanced capability that is not required for all systems. Consequently, inclusion in a departmental profile is made on a case-by-case basis.
