NIST 800-53 REV 5 • CONTINGENCY PLANNING

CP-9(7)Dual Authorization for Deletion or Destruction

Enforce dual authorization for the deletion or destruction of {{ insert: param, cp-09.07_odp }}.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Dual authorization ensures that deletion or destruction of backup information cannot occur unless two qualified individuals carry out the task. Individuals deleting or destroying backup information possess the skills or expertise to determine if the proposed deletion or destruction of information reflects organizational policies and procedures. Dual authorization may also be known as two-person control. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals.

Practitioner Notes

This enhancement requires dual authorization before backups can be deleted or destroyed — preventing a single rogue or compromised administrator from wiping out your recovery capability.

Example 1: Configure your Veeam backup repository so that deleting backup files requires approval from both the backup administrator and the security officer.

Example 2: Use Azure resource locks on your backup storage accounts that require two administrators to approve removal, preventing accidental or malicious deletion.

More Contingency Planning Controls

CP-1 Policy and Procedures CP-2 Contingency Plan CP-2(1) Coordinate with Related Plans CP-2(2) Capacity Planning