CHG-04.3 ยท Dual Authorization for Change

Control Description

Mechanisms exist to enforce a two-person rule for implementing changes to critical Technology Assets, Applications and/or Services (TAAS).

Control Question
Assessment question for control validation

Does the organization enforce a two-person rule for implementing changes to critical Technology Assets, Applications and/or Services (TAAS)?

Control Weighting
6
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control