Employ a joint authorization process for the system that includes multiple authorizing officials from the same organization conducting the authorization.
|
|
| Control Identifier | CA-6(1) |
| Latest Sync Date | 19/12/24 09:18:14 |
| Discussion | Assigning multiple authorizing officials from the same organization to serve as co-authorizing officials for the system increases the level of independence in the risk-based decision-making process. It also implements the concepts of separation of duties and dual authorization as applied to the system authorization process. The intra-organization joint authorization process is most relevant for connected systems, shared systems, and systems with multiple information owners. |
| Related Controls | AC-6. |