The DBMS must validate the binding of the information to the identity of the information producer.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-32349	SRG-APP-000082-DB-000166	SV-42686r1_rule		Medium

Description

Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. This non-repudiation control enhancement is intended to mitigate the risk that information gets modified between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. When the identity of the producer of a piece of information is not bound to the information, the validity of the information can be questioned or the producer of the information can deny having produced it.

STIG	Date
Database Security Requirements Guide	2012-07-02

Details

Check Text ( C-40797r1_chk )
Review DBMS configuration to verify identity information is bound to any data being added to the database. If data is being added or processed in the database without identity information, this is a finding.

Fix Text (F-36263r1_fix)
Configure the DBMS to validate the binding of identity information to data being added to the database.