AU-10(2): Validate Binding Of Information Producer Identity

Control Family:

Audit And Accountability

Parent Control:

AU-10: Non-Repudiation

Priority:

P2: Implement P2 security controls after implementation of P1 controls.

CSF v1.1 References:

PR.PT-1

Threats Addressed:

Repudiation

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AU-10(2): Validate Binding of Information Producer Identity

Control Statement

The information system:

Validates the binding of the information producer identity to the information at [Assignment: organization-defined frequency]; and
Performs [Assignment: organization-defined actions] in the event of a validation error.

Supplemental Guidance

This control enhancement prevents the modification of information between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Organizations determine if validations are in response to user requests or generated automatically.