STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← All Controls

AU-9 (5)

Audit and AccountabilityRev 5organization

Protection of Audit Information

Control Statement

Enforce dual authorization for [Selection: organization-defined value] of [Assignment: audit information].

Supplemental Guidance

Organizations may choose different selection options for different types of audit information. Dual authorization mechanisms (also known as two-person control) require the approval of two authorized individuals to execute audit functions. To reduce the risk of collusion, organizations consider rotating dual authorization duties to other individuals. Organizations do not require dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety.

Related Controls (1)

AC-3

CCI Identifiers (2)

CCI-001895Defines the audit information requiring dual authorization for movement or deletion actions.CCI-001896Enforce dual authorization for movement and/or deletion of organization-defined audit information.

Linked STIG Checks (4)

Across 4 STIGs. Click to expand.