UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS must validate the binding of the information to the identity of the information producer.


Overview

Finding ID Version Rule ID IA Controls Severity
V-32349 SRG-APP-000082-DB-000166 SV-42686r1_rule Medium
Description
Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. This non-repudiation control enhancement is intended to mitigate the risk that information gets modified between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums. When the identity of the producer of a piece of information is not bound to the information, the validity of the information can be questioned or the producer of the information can deny having produced it.
STIG Date
Database Security Requirements Guide 2012-07-02

Details

Check Text ( C-40797r1_chk )
Review DBMS configuration to verify identity information is bound to any data being added to the database. If data is being added or processed in the database without identity information, this is a finding.
Fix Text (F-36263r1_fix)
Configure the DBMS to validate the binding of identity information to data being added to the database.