Systems Security Certified Practitioner – SSCP – Question0226

How would nonrepudiation be best classified as?

A.
A preventive control
B. A logical control
C. A corrective control
D. A compensating control

Correct Answer: A

Explanation:

Systems accountability depends on the ability to ensure that senders cannot deny sending information and that receivers cannot deny receiving it. Because the mechanisms implemented in nonrepudiation prevent the ability to successfully repudiate an action, it can be considered as a preventive control. Source: STONEBURNER, Gary, NIST Special Publication 800-33: Underlying Technical Models for Information Technology Security, National Institute of Standards and Technology, December 2001, page 7.