NIST 800-53 r5 · Controls catalogue · Family AU
AU-10Non-repudiation
Provide irrefutable evidence that an individual (or process acting on behalf of an individual) has performed {{ insert: param, au-10_odp }}.
Last updated: 09 May 2026 03:25 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (0)
- No ATT&CK techniques mapped to this control yet.
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-287 | Improper Authentication | 4,730 | Non-repudiation requires strong authentication mechanisms to irrefutably attribute performed actions to specific individuals or processes. |
CWE-353 | Missing Support for Integrity Check | 37 | Irrefutable evidence of actions requires integrity protection to prevent tampering or alteration of records. |
CWE-778 | Insufficient Logging | 23 | Providing proof of performed actions necessitates sufficient logging of security-relevant events with attribution details. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2026-29138 | 1.5 | 7.5 | 0.0004 | partial |