PM-24—Data Integrity Board
>Control Description
>Cross-Framework Mappings
>Supplemental Guidance
A Data Integrity Board is the board of senior officials designated by the head of a federal agency and is responsible for, among other things, reviewing the agency's proposals to conduct or participate in a matching program and conducting an annual review of all matching programs in which the agency has participated. As a general matter, a matching program is a computerized comparison of records from two or more automated PRIVACT systems of records or an automated system of records and automated records maintained by a non-federal agency (or agent thereof). A matching program either pertains to Federal benefit programs or Federal personnel or payroll records.
At a minimum, the Data Integrity Board includes the Inspector General of the agency, if any, and the senior agency official for privacy.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is the process for developing and maintaining data mining detection and prevention capabilities?
- •How does the organization balance data mining for legitimate purposes with privacy protection?
- •Who oversees data mining activities and privacy protections?
- •What policies govern the use and disclosure of data mining results?
- •What governance exists for ensuring data mining activities comply with privacy requirements?
Technical Implementation:
- •What data mining or analytics tools are subject to this control?
- •How are data mining activities monitored and audited?
- •What technical controls prevent unauthorized data mining?
- •How are data mining results protected and restricted?
Evidence & Documentation:
- •Provide data mining policies and procedures.
- •Provide documentation of data mining activities and privacy protections.
- •Provide data mining approval records.
- •Provide evidence of data mining audit or oversight activities.
Ask AI
Configure your API key to use AI features.