Rule ID
SV-234318r1212943_rule
Version
V2R5
CCIs
Without nonrepudiation, it is impossible to positively attribute an action to an individual (or process acting on behalf of an individual). Nonrepudiation services can be used to determine if information originated from a particular individual, or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request) or received specific information. Nonrepudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. The application will be configured to provide nonrepudiation services for an organization-defined set of commands that are used by the user (or processes action on behalf of the user). DoW PKI provides for nonrepudiation through the use of digital signatures. Nonrepudiation requirements will vary from one application to another and will be defined based on application functionality, data sensitivity, and mission requirements. Satisfies:FCS_COP.1.1/SigGen, FCS_COP1.1/SigVer, FCS_COP.1.1/KeyedHash
Verify the UEM server protects against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation. If the UEM server does not protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation this is a finding.
Configure the UEM server to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by nonrepudiation.