AU-10(4): Validate Binding Of Information Reviewer Identity

Control Family:

Audit And Accountability

Parent Control:

AU-10: Non-Repudiation

Priority:

P2: Implement P2 security controls after implementation of P1 controls.

CSF v1.1 References:

PR.PT-1

Threats Addressed:

Repudiation

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
AU-10(4): Validate Binding of Information Reviewer Identity

Control Statement

The information system:

Validates the binding of the information reviewer identity to the information at the transfer or release points prior to release/transfer between [Assignment: organization-defined security domains]; and
Performs [Assignment: organization-defined actions] in the event of a validation error.

Supplemental Guidance

This control enhancement prevents the modification of information between review and transfer/release. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. Organizations determine validations are in response to user requests or generated automatically.