AU-10.4: Validate Binding of Information...

AU-10.4 · Validate Binding of Information Reviewer Identity

Control Description

Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between {{ insert: param, au-10.04_odp.01 }} ; and Perform {{ insert: param, au-10.04_odp.02 }} in the event of a validation error.

Impact Baselines

Security baselines where this control applies

Not in any baseline

Control Properties

SP800-53-enhancement

system

Assurance

Enhancement

Control Statement

The control requirements

(a) Validate the binding of the information reviewer identity to the information at the transfer or release points prior to release or transfer between {{ insert: param, au-10.04_odp.01 }} ; and

(b) Perform {{ insert: param, au-10.04_odp.02 }} in the event of a validation error.

Supplemental Guidance

Validating the binding of the information reviewer identity to the information at transfer or release points prevents the unauthorized modification of information between review and the transfer or release. The validation of bindings can be achieved by using cryptographic checksums. Organizations determine if validations are in response to user requests or generated automatically.

Related NIST Controls

Other NIST 800-53 controls related to this one

AC-04

AC-16