Control requirements

Implementation guidance

See the resources that follow to learn more about how to implement this control.

• Audit logging of IBM Cloud events

• Audit logging of application provider events and SIEM

• IBM Cloud account setup

• Connecting application provider to the management VPC

NIST supplemental guidance

Types of individual actions covered by non-repudiation include creating information, sending and receiving messages, and approving information. Non-repudiation protects against claims by authors of not having authored certain documents, senders of not having transmitted messages, receivers of not having received messages, and signatories of not having signed documents. Non-repudiation services can be used to determine if information originated from an individual or if an individual took specific actions (e.g., sending an email, signing a contract, approving a procurement request, or receiving specific information). Organizations obtain non-repudiation services by employing various techniques or mechanisms, including digital signatures and digital message receipts.