Organizational Control: Non-repudiation
| Control ID: AU-10 Non-repudiation | Family: Audit and Accountability | Source: NIST 800-53r4 |
| Control: The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed [Assignment: organization-defined actions to be covered by non-repudiation]. | ||
| Supplemental Guidance: Types of individual actions covered by non-repudiation include, for example, creating information, sending and receiving messages, approving information (e.g.,indicating concurrence or signing a contract). Non-repudiation protects individuals against later claims by: (i) authors of not having authored particular documents; (ii) senders of not having transmitted messages; (iii) receivers of not having received messages; or (iv) signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from a particular individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Organizations obtain non-repudiation services by employing various techniques or mechanisms (e.g., digital signatures, digital message receipts). Related Controls: SC-17, SC-12, SC-8, SC-13, SC-16, SC-23 |
||
| Control Enhancements: N/A | ||
| References: N/A | ||
| Mechanisms: | ||
| Protocol Implementation Conformance Statements: N/A | ||