AU-10 (4) Non-Repudiation | Validate Binding Of Information Reviewer Identity
The information system:
AU-10 (4)(a): Validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between [Assignment: organization-defined security domains]; and
AU-10 (4)(b): Performs [Assignment: organization-defined actions] in the event of a validation error.
Applicable CNSSI 1253 Baselines
Confidentiality
- L
- M
- H
Integrity
- L
- M
- H
Availability
- L
- M
- H
Supplemental Guidance
This control enhancement prevents the modification of information between review and transfer/release. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Organizations determine validations are in response to user requests or generated automatically.