AU-10 Non-Repudiation
Description
Types of individual actions covered by non-repudiation include, for example, creating information, sending and receiving messages, approving information (e.g., indicating concurrence or signing a contract). Non-repudiation protects individuals against later claims by: (i) authors of not having authored particular documents; (ii) senders of not having transmitted messages; (iii) receivers of not having received messages; or (iv) signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from a particular individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Organizations obtain non-repudiation services by employing various techniques or mechanisms (e.g., digital signatures, digital message receipts). Related controls: SC-12, SC-8, SC-13, SC16, SC-17, SC-23.
Applicability
This Control applies to all TAMU-CC University information resources containing controlled or confidential information. The intended audience is all individuals who are responsible for the installation of new information resources, the operations of existing information resources, and individuals accountable for information resources security.
Implementation
The information system protects against an individual (or process acting on behalf of an individual) falsely denying having performed any change, addition, or deletion.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019