AU-10 NON-REPUDIATION - NIST-SP-800-53-R5/NIST-SP-800-53-R5.github.io GitHub Wiki
Control: Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed [ Assignment: organization-defined actions to be covered by non-repudiation ].
Discussion: Types of individual actions covered by non-repudiation include creating information, sending and receiving messages, and approving information. Non-repudiation protects against claims by authors of not having authored certain documents, senders of not having transmitted messages, receivers of not having received messages, and signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from an individual or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request, or receiving specific information). Organizations obtain non-repudiation services by employing various techniques or mechanisms, including digital signatures and digital message receipts.
Related Controls: AU-9, PM-12, SA-8, SC-8, SC-12, SC-13, SC-16, SC-17, SC-23.
Control Enhancements:
(1) NON-REPUDIATION | ASSOCIATION OF IDENTITIES
- (a) Bind the identity of the information producer with the information to [ Assignment: organization-defined strength of binding ]; and
- (b) Provide the means for authorized individuals to determine the identity of the producer of the information.
Discussion: Binding identities to the information supports audit requirements that provide organizational personnel with the means to identify who produced specific information in the event of an information transfer. Organizations determine and approve the strength of attribute binding between the information producer and the information based on the security category of the information and other relevant risk factors.
Related Controls: AC-4, AC-16.
(2) NON-REPUDIATION | VALIDATE BINDING OF INFORMATION PRODUCER IDENTITY
- (a) Validate the binding of the information producer identity to the information at [ Assignment: organization-defined frequency ]; and
- (b) Perform [ Assignment: organization-defined actions ] in the event of a validation error.
Discussion: Validating the binding of the information producer identity to the information prevents the modification of information between production and review. The validation of bindings can be achieved by, for example, using cryptographic checksums. Organizations determine if validations are in response to user requests or generated automatically.
Related Controls: AC-3, AC-4, AC-16.
(3) NON-REPUDIATION | CHAIN OF CUSTODY
Maintain reviewer or releaser credentials within the established chain of custody for information reviewed or released.
Discussion: Chain of custody is a process that tracks the movement of evidence through its collection, safeguarding, and analysis life cycle by documenting each individual who handled the evidence, the date and time the evidence was collected or transferred, and the purpose for the transfer. If the reviewer is a human or if the review function is automated but separate from the release or transfer function, the system associates the identity of the reviewer of the information to be released with the information and the information label. In the case of human reviews, maintaining the credentials of reviewers or releasers provides the organization with the means to identify who reviewed and released the information. In the case of automated reviews, it ensures that only approved review functions are used.
Related Controls: AC-4, AC-16.
(4) NON-REPUDIATION | VALIDATE BINDING OF INFORMATION REVIEWER IDENTITY
- (a) Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between [ Assignment: organization-defined security domains ]; and
- (b) Perform [ Assignment: organization-defined actions ] in the event of a validation error.
Discussion: Validating the binding of the information reviewer identity to the information at transfer or release points prevents the unauthorized modification of information between review and the transfer or release. The validation of bindings can be achieved by using cryptographic checksums. Organizations determine if validations are in response to user requests or generated automatically.
Related Controls: AC-4, AC-16.
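The following Go program is an added example and is not part of the NIST text or of this wiki. It shows one way to implement the base control together with enhancements (1) through (4): a producer binds their identity to the information with an Ed25519 signature, each reviewer or releaser appends a further signed binding so the record carries its own chain of custody, and a release point re-validates every binding before the information may cross. The identities, the in-memory key directory standing in for an organizational PKI, the roles and the sample record are all constructed assumptions for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// Binding ties one identity, acting in one role, to the record content by an
// Ed25519 signature (AU-10(1)). Identities and roles are constructed labels.
type Binding struct {
	Identity  string // organization-assigned identity of the signer
	Role      string // "producer" or "reviewer"
	Timestamp string // RFC 3339, part of the signed message
	Signature []byte
}

// Record is the information plus its chain of custody: the producer's binding
// first, then one binding per reviewer or releaser (AU-10(3)).
type Record struct {
	Content  []byte
	Bindings []Binding
}

// Directory stands in for the organization's key registry (identity -> public key).
type Directory map[string]ed25519.PublicKey

// Enroll generates a key pair for an identity and registers its public key.
func (d Directory) Enroll(identity string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	d[identity] = pub
	return priv
}

// bindingMessage is the digest that gets signed: content, identity, role,
// timestamp and the previous signature in the chain, each length-prefixed so
// that field boundaries are unambiguous.
func bindingMessage(content []byte, b Binding, prev []byte) []byte {
	h := sha256.New()
	for _, f := range [][]byte{content, []byte(b.Identity), []byte(b.Role), []byte(b.Timestamp), prev} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

// Sign appends a binding for identity/role to the record's chain of custody.
func Sign(rec *Record, identity, role string, priv ed25519.PrivateKey) {
	var prev []byte
	if n := len(rec.Bindings); n > 0 {
		prev = rec.Bindings[n-1].Signature
	}
	b := Binding{Identity: identity, Role: role, Timestamp: time.Now().UTC().Format(time.RFC3339)}
	b.Signature = ed25519.Sign(priv, bindingMessage(rec.Content, b, prev))
	rec.Bindings = append(rec.Bindings, b)
}

// Validate re-checks every binding in chain order (AU-10(2)). Any change to the
// content, to a signer's identity or role, or to the order of bindings makes
// the corresponding signature fail to verify.
func Validate(rec *Record, dir Directory) error {
	var prev []byte
	for i, b := range rec.Bindings {
		pub, ok := dir[b.Identity]
		if !ok {
			return fmt.Errorf("binding %d: identity %q not in directory", i, b.Identity)
		}
		if !ed25519.Verify(pub, bindingMessage(rec.Content, b, prev), b.Signature) {
			return fmt.Errorf("binding %d: signature by %s as %s does not verify", i, b.Identity, b.Role)
		}
		prev = b.Signature
	}
	return nil
}

// ReleaseCheck is the validation at a transfer or release point (AU-10(4)): all
// bindings must verify, and the chain must start with a producer and end with a
// reviewer. The organization-defined action on a validation error is, here, to
// refuse the release by returning the error.
func ReleaseCheck(rec *Record, dir Directory) error {
	if err := Validate(rec, dir); err != nil {
		return err
	}
	n := len(rec.Bindings)
	if n == 0 || rec.Bindings[0].Role != "producer" {
		return errors.New("no producer binding")
	}
	if rec.Bindings[n-1].Role != "reviewer" {
		return errors.New("no reviewer binding at release point")
	}
	return nil
}

func main() {
	dir := Directory{}
	producerKey := dir.Enroll("alice@example.org") // constructed identities
	reviewerKey := dir.Enroll("bob@example.org")
	rec := &Record{Content: []byte("procurement request 42: approve purchase")} // constructed sample
	Sign(rec, "alice@example.org", "producer", producerKey)
	fmt.Println("release before review:", ReleaseCheck(rec, dir))
	Sign(rec, "bob@example.org", "reviewer", reviewerKey)
	fmt.Println("release after review:", ReleaseCheck(rec, dir))
	rec.Content[0] = 'P' // modification between review and release
	fmt.Println("release after tampering:", ReleaseCheck(rec, dir))
}
```

Two design points worth noting. The binding is made with an asymmetric signature rather than an HMAC because a keyed hash shared between producer and verifier lets the verifier produce the same tag, so it cannot serve as irrefutable evidence against the producer; only the holder of the private key can make an Ed25519 signature that the directory's public key verifies. And each binding signs over the previous signature, so the chain of custody itself is protected: removing, reordering or substituting a reviewer's entry invalidates everything that followed it, not just the altered entry. The strength of the binding in a real deployment then depends on how the directory is populated and how private keys are protected, which is what the organization-defined strength in AU-10(1) has to specify.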
(5) NON-REPUDIATION | DIGITAL SIGNATURES
[Withdrawn: Incorporated into SI-7.]
References: [FIPS 140-3], [FIPS 180-4], [FIPS 186-4], [FIPS 202], [SP 800-177].