Digital signatures use asymmetric cryptography to bind a signer’s identity to a specific message hash. In the CRISC context, they provide multiple security properties—integrity (changes to the message alter the signature) and authentication of the signer—but the key feature asked here is nonrepudiation: the signer cannot plausibly deny having signed the message, assuming private keys are properly protected. Biometrics are unrelated to digital signatures; authentication may be biometric at login, but the signature mechanism is cryptographic. The signature is not necessarily “constant over time” because signatures differ with different messages and may rely on different hash algorithms across periods. Custody of the signature is not limited to the receiver; any verifier with the signer’s public key can validate it. Nonrepudiation is therefore the best and most precise control objective associated with digital signatures in insecure networks.
[Reference: CRISC Review Manual – Risk Response and Mitigation (security controls; cryptographic controls and nonrepudiation).]
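
The properties described above, as an added illustration that is not part of the original explanation: textbook RSA over a SHA-256 digest in pure Python, showing that the signature changes with the message, that an altered message fails verification, and that any party holding the public key can verify. The key values, sample messages and function names are constructed for this example; the scheme is unpadded and toy-sized, so it shows the mechanism only.

```python
import hashlib

# Constructed toy key built from two Mersenne primes. Far too small for real
# use and with no padding scheme; real systems use RSA-PSS, ECDSA or Ed25519
# from a vetted library.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

PUBLIC_KEY = (N, E)


def digest(message: bytes, n: int) -> int:
    """Hash the message and map the digest into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes) -> int:
    """Signer side: requires the private exponent D."""
    return pow(digest(message, N), D, N)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Verifier side: requires only the public key, so any party can run it."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def demo() -> dict:
    order = b"Transfer 100 to account 42"  # constructed sample message
    other = b"Transfer 900 to account 42"  # same message with the amount altered
    sig = sign(order)
    return {
        "receiver_accepts": verify(order, sig, PUBLIC_KEY),
        "auditor_accepts": verify(order, sig, (N, E)),  # third party, public key only
        "altered_message_accepts": verify(other, sig, PUBLIC_KEY),
        "signature_same_for_other_message": sign(other) == sig,
        "modified_signature_accepts": verify(order, sig + 1, PUBLIC_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because only the holder of `D` can produce a value that passes `verify`, a valid signature is evidence the key holder signed that exact message, which is the basis of nonrepudiation.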