AU-10-727 Non-Repudiation

Non-Repudiation

Control ID

AU-10-727

Control Name

Non-Repudiation

Control Category

Audit and Accountability

Functional Areas

Sub-Areas

NIST Baseline Level(s)

HIGH

NIST Priority

State Implementation Required

Agency Last Implemented Date

January 20, 2018

Agency Implementation

The audit record stored on the Agency SIEM system shall serve as the authoritative record of information resource activity, as this log cannot be tampered on the information resource.

Risk Statement

Individuals can falsely deny having performed actions on information systems.

Control Description

The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed [Assignment: organization-defined actions to be covered by non-repudiation].

Control Example

State Implementation

No statewide control

Testing Procedures