UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

DCNR-1 Non-repudiation


Overview

NIST FIPS 140-2 validated cryptography (e.g., DoD PKI class 3 or 4 token) is used to implement encryption (e.g., AES, 3DES, DES, Skipjack), key exchange (e.g., FIPS 171), digital signature (e.g., DSA, RSA, ECDSA), and hash (e.g., SHA-1, SHA-256, SHA-384, SHA-512). Newer standards should be applied as they become available.

MAC / CONF Impact Subject Area
MACI
MACII
MACIII
Medium Security Design and Configuration

Details

Threat
Without the ability to ensure proof of sender identity as well as proof of delivery, organizations foster an environment of lawlessness where individuals can deny having processed data. NIST FIPS 140-2 validated cryptography provides a means to provide for non-repudiation.

Guidance
1. Non-repudiation is accomplished by employing various mechanisms or techniques (e.g., digital signatures, digital message receipts, and time stamps).
2. Each Component shall ensure proper non-repudiation implementation on all systems.
3. Follow system specific and FIPS guidance for latest approved non-repudiation methods.
4. NIST FIPS 140-2 validated cryptography (e.g., DoD PKI class 3 or 4 token) shall be used to implement encryption (e.g., AES, 3DES, DES, Skipjack), key exchange (e.g., FIPS 171), digital signature (e.g., DSA, RSA, ECDSA), and hash (e.g., SHA-1, SHA-256, SHA-384, SHA-512).
5. Newer standards shall be applied as they become available.

References

  • FIPS 140-2, Security Requirements for Cryptographic Modules, 25 May 2001