The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed [Assignment: organization-defined actions to be covered by non-repudiation].
Types of individual actions covered by non-repudiation include, for example, creating information, sending and receiving messages, approving information (e.g., indicating concurrence or signing a contract). Non-repudiation protects individuals against later claims by: (i) authors of not having authored particular documents; (ii) senders of not having transmitted messages; (iii) receivers of not having received messages; or (iv) signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from a particular individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Organizations obtain non-repudiation services by employing various techniques or mechanisms (e.g., digital signatures, digital message receipts).
The information system: Binds the identity of the information producer with the information to [Assignment: organization-defined strength of binding]; and Provides the means for authorized individuals to determine the identity of the producer of the information.
The information system: Validates the binding of the information producer identity to the information at [Assignment: organization-defined frequency]; and Performs [Assignment: organization-defined actions] in the event of a validation error.
The information system maintains reviewer/releaser identity and credentials within the established chain of custody for all information reviewed or released.
The information system: Validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between [Assignment: organization-defined security domains]; and Performs [Assignment: organization-defined actions] in the event of a validation error.