AU-10 Non-Repudiation

Audit and Accountability

Low Moderate High

Description

The information system provides the capability to determine whether a given individual took a particular action.

Supplemental Guidance

Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. Non-repudiation protects against later false claims by an individual of not having taken a specific action. Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. Non-repudiation services can be used to determine if information originated from an individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Non-repudiation services are obtained by employing various techniques or mechanisms (e.g., digital signatures, digital message receipts, time stamps).

Enhancements

(0) None.

Compliance Mappings

ISO 27001:2022: 7.5, A.8.15
CIS Controls v8: CIS 8
CSA CCM v4: IAM-12
CSA AICM v1: IAM-12
ISO 42001:2023: A.7.5
BSI IT-Grundschutz: OPS.1.1.5
ANSSI: Hygiene.29, RGS.2.1, SecNumCloud.13.7
FINMA Circular 2023/1: IV.C(66), IV.C(67)
OSFI B-13: B-13.3.3
EU GDPR: Art.5(2)
EU DORA: Art.10(1)
RBI CSF: Annex1.17
FISC Security Guidelines: FISC.O11, FISC.T11, FISC.T12
LGPD + BCB 4893: LGPD.Art.42-45
HKMA TM-E-1: TME1.10.3, TME1.11.2, TME1.9.3
EU CRA: CRA.I.2f
NCA ECC: 2-12
UAE IA: T7
CBB TM: TM-12
Qatar NIA: OS
CBUAE: CR-3
BoM CTRM: 4.2
IOSCO Cyber Resilience: DET-1
BCBS 239: Principle 3, Principle 7
HIPAA Security Rule: §164.312(c)(2), §164.312(e)(2)(i)
SEBI CSCRF: DE.AU, RS.AN
CMMC 2.0: AU
Common Criteria: CC Part 2 — FAU
Solvency II: Pillar3-Reporting
Lloyd's Minimum Standards: MS5.1, MS8.12
PRA SS1/23: P-IT.2, P3.2, P4.4
FDA 21 CFR Part 11: §11.10(e), §11.30, §11.50, §11.70
CCSS v9.0: 1.01.7, 1.04.5, 1.05.1, 1.05.2, 2.02.2, 2.02.3, 2.04.2
Basel SCO60: SCO60.11, SCO60.55, SCO60.62, SCO60.63, SCO60.66, SCO60.70, SCO60.71, SCO60.73, SCO60.82
BSSC Standards: TIS-05, KMS-08
SEC Custody (Digital Assets): SEC-CD-05, SEC-CD-15, SEC-CD-16
ISO 17799 (legacy): 10.8.2, 10.9.1, 12.3.1
COBIT 4.1 (legacy): DS5.11