800-53|AU-10

Title

NON-REPUDIATION

Description

The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed [Assignment: organization-defined actions to be covered by non-repudiation].

Supplemental

Types of individual actions covered by non-repudiation include, for example, creating information, sending and receiving messages, approving information (e.g., indicating concurrence or signing a contract). Non-repudiation protects individuals against later claims by: (i) authors of not having authored particular documents; (ii) senders of not having transmitted messages; (iii) receivers of not having received messages; or (iv) signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from a particular individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Organizations obtain non-repudiation services by employing various techniques or mechanisms (e.g., digital signatures, digital message receipts).

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: SC-12,SC-13,SC-16,SC-17,SC-23,SC-8

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.4 Ensure 'Block third party cookies' is set to 'Enabled'	Windows	CIS Google Chrome L1 v2.1.0
3.4 Ensure 'Block third party cookies' is set to 'Enabled'	Windows	CIS Google Chrome L1 v2.0.0
5.2 Ensure 'Incognito mode availability' is set to 'Enabled: Incognito mode disabled'	Windows	CIS Google Chrome L2 v3.0.0
AMLS-NM-000170 - The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.	Arista	DISA STIG Arista MLS DCS-7000 Series NDM v1r3
ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v1r1
Big Sur - Non-Repudiation	Unix	NIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Non-Repudiation	Unix	NIST macOS Big Sur v1.4.0 - All Profiles
CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - buffered informational	Cisco	DISA STIG Cisco ASA NDM v1r6
CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - logging enable	Cisco	DISA STIG Cisco ASA NDM v1r6
CISC-L2-000020 - The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection - aaa group	Cisco	DISA STIG Cisco NX-OS Switch L2S v1r1
CISC-L2-000020 - The Cisco switch must uniquely identify all network-connected endpoint devices before establishing any connection - aaa group	Cisco	DISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000080 - The Cisco switch must authenticate all endpoint devices before establishing any connection - aaa group	Cisco	DISA STIG Cisco NX-OS Switch L2S v2r1
CISC-L2-000080 - The Cisco switch must authenticate all endpoint devices before establishing any connection - aaa group	Cisco	DISA STIG Cisco NX-OS Switch L2S v1r1
CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation. - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1
CISC-ND-000100 - The Cisco switch must be configured to automatically audit account modification - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000100 - The Cisco switch must be configured to automatically audit account modification - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000100 - The Cisco switch must be configured to automatically audit account modification. - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1
CISC-ND-000110 - The Cisco switch must be configured to automatically audit account disabling actions - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000110 - The Cisco switch must be configured to automatically audit account disabling actions - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000110 - The Cisco switch must be configured to automatically audit account disabling actions. - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1
CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1
CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity.	Cisco	DISA STIG Cisco IOS XE Router NDM v2r9
CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity.	Cisco	DISA STIG Cisco IOS Router NDM v2r8
CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity.	Cisco	DISA STIG Cisco IOS Switch NDM v2r9
CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity.	Cisco	DISA STIG Cisco IOS XE Switch NDM v2r9
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS Router NDM v2r1
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS Router NDM v2r3
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS XE Router NDM v2r1
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS XE Router NDM v2r2
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS Router NDM v2r2
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - aaa accounting default group	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - aaa accounting default group	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - aaa accounting default group	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS XE Switch NDM v1r1
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS Switch NDM v2r2
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS XE Switch NDM v2r1
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfo	Cisco	DISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation.	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r8
CISC-ND-000330 - The Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r1
CISC-ND-000330 - The Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000330 - The Cisco switch must be configured to generate audit records containing the full-text recording of privileged commands. - servers	Cisco	DISA STIG Cisco NX-OS Switch NDM v1r1

Detections

Analytics