AU-10(2): Validate Binding Of Information Producer Identity

Parent Control:

AU-10: Non-Repudiation

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system:

  1. Validates the binding of the information producer identity to the information at [Assignment: organization-defined frequency]; and
  2. Performs [Assignment: organization-defined actions] in the event of a validation error.

Supplemental Guidance

This control enhancement prevents the modification of information between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Organizations determine if validations are in response to user requests or generated automatically.