myctrl.tools
Compare

SI-18(2)Data Tags

>Control Description

Employ data tags to automate the correction or deletion of personally identifiable information across the information life cycle within organizational systems.

>Cross-Framework Mappings

SCF

DCH-22.2
Compare

>Supplemental Guidance

Data tagging personally identifiable information includes tags that note processing permissions, authority to process, de-identification, impact level, information life cycle stage, and retention or last updated dates. Employing data tags for personally identifiable information can support the use of automation tools to correct or delete relevant personally identifiable information.

>Related Controls

AC-3
AC-16
SC-16

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern data tags?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?
  • What is your patch management process and timeline?

Technical Implementation:

  • What technical controls detect and respond to data tags issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • How do you ensure timely installation of security-relevant patches?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-18(2) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you show recent patch installation records?

Ask AI

Configure your API key to use AI features.