AU-10(4): Validate Binding Of Information Reviewer Identity

Parent Control:

AU-10: Non-Repudiation

CSF v1.1 References:

Threats Addressed:


(Not part of any baseline)

Next Version:

Control Statement

The information system:

  1. Validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between [Assignment: organization-defined security domains]; and
  2. Performs [Assignment: organization-defined actions] in the event of a validation error.

Supplemental Guidance

This control enhancement prevents the modification of information between review and transfer/release. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Organizations determine validations are in response to user requests or generated automatically.