800-53|AU-10

Title

NON-REPUDIATION

Description

The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed [Assignment: organization-defined actions to be covered by non-repudiation].

Supplemental

Types of individual actions covered by non-repudiation include, for example, creating information, sending and receiving messages, approving information (e.g., indicating concurrence or signing a contract). Non-repudiation protects individuals against later claims by: (i) authors of not having authored particular documents; (ii) senders of not having transmitted messages; (iii) receivers of not having received messages; or (iv) signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from a particular individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Organizations obtain non-repudiation services by employing various techniques or mechanisms (e.g., digital signatures, digital message receipts).

Reference Item Details

Related: SC-12,SC-13,SC-16,SC-17,SC-23,SC-8

Category: AUDIT AND ACCOUNTABILITY

Family: AUDIT AND ACCOUNTABILITY

Priority: P2

Baseline Impact: HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
3.4 Ensure 'Block third party cookies' is set to 'Enabled'WindowsCIS Google Chrome L1 v2.1.0
5.2 Ensure 'Incognito mode availability ' is set to 'Enabled: Incognito mode disabled'WindowsCIS Google Chrome L2 v2.1.0
AMLS-NM-000170 - The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation.AristaDISA STIG Arista MLS DCS-7000 Series NDM v1r3
Big Sur - Non-RepudiationUnixNIST macOS Big Sur v1.4.0 - 800-53r5 High
Big Sur - Non-RepudiationUnixNIST macOS Big Sur v1.4.0 - All Profiles
CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - buffered informationalCiscoDISA STIG Cisco ASA NDM v1r1
CASA-ND-000210 - The Cisco ASA must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation - logging enableCiscoDISA STIG Cisco ASA NDM v1r1
Catalina - Non-RepudiationUnixNIST macOS Catalina v1.5.0 - All Profiles
Catalina - Non-RepudiationUnixNIST macOS Catalina v1.5.0 - 800-53r5 High
CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity - logging enableCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity - logging userinfoCiscoDISA STIG Cisco IOS Router NDM v2r4
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging enableCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000210 - The Cisco router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfoCiscoDISA STIG Cisco IOS XE Router NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - aaa accounting default groupCiscoDISA STIG Cisco NX-OS Switch NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - archive logging enableCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - archive logging enableCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfoCiscoDISA STIG Cisco IOS Switch NDM v2r3
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - logging userinfoCiscoDISA STIG Cisco IOS XE Switch NDM v2r2
CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation - serversCiscoDISA STIG Cisco NX-OS Switch NDM v2r3
DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured.UnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccessUnixDISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r1
DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member accessUnixDISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r1
DTBC-0030 - Incognito mode must be disabled.WindowsDISA STIG Google Chrome v2r6
DTBC-0045 - Session only based cookies must be disabled.WindowsDISA STIG Google Chrome v2r6
DTBI780 - InPrivate Browsing must be disallowed.WindowsDISA STIG Microsoft Internet Explorer 9 v1r15
DTBI780-IE11 - InPrivate Browsing must be disallowed.WindowsDISA STIG IE 11 v2r1
EDGE-00-000005 - InPrivate mode must be disabled.WindowsDISA STIG Edge v1r4
EDGE-00-000033 - Browser history must be saved.WindowsDISA STIG Edge v1r4
F5BI-DM-000043 - The BIG-IP appliance must be configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed system configuration changes.F5DISA F5 BIG-IP Device Management 11.x STIG v2r1
FGFW-ND-000060 - The FortiGate device must log all user activity.FortiGateDISA Fortigate Firewall NDM STIG v1r1
JUNI-ND-000210 - The Juniper router must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation.JuniperDISA STIG Juniper Router NDM v2r1
MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 3.x v2r1 OS
MD4X-00-000100 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.UnixDISA STIG MongoDB Enterprise Advanced 4.x v1r1 OS
Monterey - Non-RepudiationUnixNIST macOS Monterey v1.0.0 - 800-53r5 High
Monterey - Non-RepudiationUnixNIST macOS Monterey v1.0.0 - All Profiles
NET0898 - The router must use its loopback or OOB management interface address as the source address when originating syslog traffic.JuniperDISA STIG Juniper Infrastructure Router V8R29
NET0898 - The router must use its loopback or OOB management interface address as the source address when originating syslog traffic.JuniperDISA STIG Juniper Perimeter Router V8R32
Network Security - Set the source address for all route engine generated traffic - syslogJuniperJuniper Hardening JunOS 12 Devices Checklist
SOL-11.1-010350 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server - '.conf'UnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-010350 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server - '.conf'UnixDISA STIG Solaris 11 X86 v2r6
SOL-11.1-010350 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server - 'getplugin'UnixDISA STIG Solaris 11 SPARC v2r6
SOL-11.1-010350 - The operating system must protect against an individual falsely denying having performed a particular action. In order to do so the system must be configured to send audit records to a remote audit server - 'getplugin'UnixDISA STIG Solaris 11 X86 v2r6
SQL6-D0-004000 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.WindowsDISA STIG SQL Server 2016 Instance OS Audit v2r7
TCAT-AS-000050 - AccessLogValve must be configured for each application context.UnixDISA STIG Apache Tomcat Application Server 9 v2r4
TCAT-AS-000050 - AccessLogValve must be configured for each application context.UnixDISA STIG Apache Tomcat Application Server 9 v2r4 Middleware
WBLC-02-000062 - Oracle WebLogic must protect against an individual falsely denying having performed a particular action.WindowsOracle WebLogic Server 12c Windows v2r1
WBLC-02-000062 - Oracle WebLogic must protect against an individual falsely denying having performed a particular action.UnixOracle WebLogic Server 12c Linux v2r1 Middleware
WBLC-02-000062 - Oracle WebLogic must protect against an individual falsely denying having performed a particular action.UnixOracle WebLogic Server 12c Linux v2r1
WBSP-AS-000070 - The WebSphere Application Server security auditing must be enabled.UnixDISA IBM WebSphere Traditional 9 STIG v1r1
WBSP-AS-000070 - The WebSphere Application Server security auditing must be enabled.WindowsDISA IBM WebSphere Traditional 9 Windows STIG v1r1