Dual Authorization
Access Control
NIST Control Text
Enforce dual authorization for [Assignment: organization-defined privileged commands and/or other organization-defined actions].
NIST Discussion
Dual authorization, also known as two-person control, reduces risk related to insider threats. Dual authorization mechanisms require the approval of two authorized individuals to execute. To reduce the risk of collusion, organizations consider rotating dual authorization duties. Organizations consider the risk associated with implementing dual authorization mechanisms when immediate responses are necessary to ensure public and environmental safety.
SL5 Supplemental Guidance
Organizations define privileged commands and actions requiring dual authorization based on their operational context, with emphasis on operations involving covered models or cryptographic keys protecting them. Dual authorization reduces single-actor compromise risk, which is particularly important given the limitations of private-sector vetting against sophisticated adversaries. At least one SenL-5 custodian must participate in dual authorization for weight operations [26].
Technical enforcement is provided through cryptographic split-knowledge mechanisms or multi-party authorization workflows.
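One way to build the multi-party authorization workflow named above for a weight operation, as an added example that is not part of the NIST or SL5 text: each approval is a MAC bound to the exact command, and the gate requires two distinct authorized approvers, at least one of them a SenL-5 custodian. The roster, key values, command string and function names are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Approver:
    key: bytes   # per-person approval key (assumed to live in a hardware token)
    senl5: bool  # True if this person is a SenL-5 custodian


# Constructed sample roster: names, keys and flags are illustrative assumptions.
ROSTER = {
    "alice": Approver(b"constructed-key-alice", senl5=True),
    "bob": Approver(b"constructed-key-bob", senl5=False),
    "carol": Approver(b"constructed-key-carol", senl5=False),
}


def sign_approval(name, command):
    """What an approver's client produces: a MAC over the exact command text."""
    return hmac.new(ROSTER[name].key, command.encode(), hashlib.sha256).hexdigest()


def authorize(command, approvals):
    """Gate for a weight operation. approvals is a list of (name, mac) pairs.

    Returns (allowed, reason).
    """
    valid = set()
    for name, mac in approvals:
        approver = ROSTER.get(name)
        if approver is None:
            continue  # not an authorized individual
        expected = hmac.new(approver.key, command.encode(), hashlib.sha256).hexdigest()
        # Constant-time compare; an approval for a different command fails here.
        if hmac.compare_digest(expected, mac):
            valid.add(name)  # a set, so one person approving twice counts once
    if len(valid) < 2:
        return False, "need approvals from two distinct authorized individuals"
    if not any(ROSTER[n].senl5 for n in valid):
        return False, "no SenL-5 custodian among the approvers"
    return True, "dual authorization satisfied"
```

Binding each approval to the command text keeps an approval given for one action from being replayed to authorize a different one.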