DCNR-1 Non-repudiation


Overview

NIST FIPS 140-2 validated cryptography (e.g., DoD PKI class 3 or 4 token) is used to implement encryption (e.g., AES, 3DES, DES, Skipjack), key exchange (e.g., FIPS 171), digital signature (e.g., DSA, RSA, ECDSA), and hash (e.g., SHA-1, SHA-256, SHA-384, SHA-512). Newer standards should be applied as they become available.

MAC / CONF: MACI, MACII, MACIII
Impact: Medium
Subject Area: Security Design and Configuration

Details

Threat
Without the ability to ensure proof of sender identity as well as proof of delivery, organizations foster an environment of lawlessness where individuals can deny having processed data. NIST FIPS 140-2 validated cryptography provides a means of achieving non-repudiation.

Guidance
1. Non-repudiation is accomplished by employing various mechanisms or techniques (e.g., digital signatures, digital message receipts, and time stamps).
2. Each Component shall ensure proper non-repudiation implementation on all systems.
3. Follow system-specific and FIPS guidance for the latest approved non-repudiation methods.
4. NIST FIPS 140-2 validated cryptography (e.g., DoD PKI class 3 or 4 token) shall be used to implement encryption (e.g., AES, 3DES, DES, Skipjack), key exchange (e.g., FIPS 171), digital signature (e.g., DSA, RSA, ECDSA), and hash (e.g., SHA-1, SHA-256, SHA-384, SHA-512).
5. Newer standards shall be applied as they become available.

References

  • FIPS 140-2, Security Requirements for Cryptographic Modules, 25 May 2001