AU-10(1)
-
Requirement
- Bind the identity of the information producer with the information to [Assignment: organization-defined strength of binding]; and
- Provide the means for authorized individuals to determine the identity of the producer of the information.
-
Discussion
Binding identities to the information supports audit requirements that provide organizational personnel with the means to identify who produced specific information in the event of an information transfer. Organizations determine and approve the strength of attribute binding between the information producer and the information based on the security category of the information and other relevant risk factors.
NIST 800-53A Assessment Guidance
CMMC Training
Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!