Title

The application must protect against an individual falsely denying having performed a particular action. (Cat II impact)

Discussion

Non-repudiation of actions taken is required in order to maintain application integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document. Rationale for non-applicability: The SRG assumes that there is a single user in the mobile application environment, thereby obviating the need to rule out any other user from claiming or denying a particular action. To the extent that non-repudiation services are required for certain application transactions, user authentication to the device would protect against that user falsely denying having performed a particular action. Additional application assurance is unnecessary in this context.

Check Content

This requirement is NA for the MAPP SRG.

Fix Text

The requirement is NA. No fix is required.

Additional Identifiers

Rule ID: SV-46558r1_rule

Vulnerability ID: V-35271

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.