Title: The DBMS must validate the binding of the information to the identity of the information producer.
Vulnerability ID: V-32349
IA Controls: None
Description: Non-repudiation protects individuals against later claims by an author of not having authored a particular document, a sender of not having transmitted a message, a receiver of not having received a message, or a signatory of not having signed a document.
This non-repudiation control enhancement is intended to mitigate the risk that information gets modified between production and review. The validation of bindings can be achieved, for example, by the use of cryptographic checksums.
When the identity of the producer of a piece of information is not bound to the information, the validity of the information can be questioned or the producer of the information can deny having produced it.
Check Text: Review DBMS configuration to verify identity information is bound to any data being added to the database. If data is being added or processed in the database without identity information, this is a finding.
Fix Text: Configure the DBMS to validate the binding of identity information to data being added to the database.[divider]