Best Practices

File Non-Repudiation

Non-repudiation is the ability to prove that the file uploaded and the file downloaded are identical.  

Non-repudiation is an essential part of any secure file transfer solution

End-to-end file non-repudiation is the ability to prove who uploaded a specific file, who downloaded it, and that the file uploaded and the file downloaded are identical. It is a security best practice and required by Federal Information Security Management Act (FISMA), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), and others.

The ability to provide end-to-end file non-repudiation is an essential part of any secure file transfer solution because it provides the following benefits.

  • Guarantees the integrity of the data being transferred
  • Plays a valuable forensic role if a dispute arises about the file
  • Provides a capability that is required for Guaranteed Delivery

Providing end-to-end file non-repudiation requires using a secure file transfer server that can perform all of the following activities:

  • Authenticate each user who uploads or downloads a file
  • Check the integrity of each file when uploaded and downloaded
  • Compare the server and client-generated integrity check results
  • Associate and log the authentication and check results

The cryptographically valid SHA1 and MD5 algorithms are widely used to do file integrity checking. SHA1 is the stronger of these, and is approved for file integrity checking under US Federal Information Processing Standard FIPS 140-2. MOVEit secure file transfer server and the MOVEit Automation managed file transfer automation server each have built-in FIPS 140-2 validated cryptographic modules that include the SHA1 and MD5 algorithms, which they use for file integrity checking.

Our Buyer’s Guide will help you choose the best technology solution to fit your file transfer needs.