SI-19(8)—Motivated Intruder
>Control Description
Perform a motivated intruder test on the de-identified dataset to determine if the identified data remains or if the de-identified data can be re-identified.
>Cross-Framework Mappings
>Supplemental Guidance
A motivated intruder test is a test in which an individual or group takes a data release and specified resources and attempts to re-identify one or more individuals in the de-identified dataset. Such tests specify the amount of inside knowledge, computational resources, financial resources, data, and skills that intruders possess to conduct the tests. A motivated intruder test can determine if the de-identification is insufficient.
It can also be a useful diagnostic tool to assess if de-identification is likely to be sufficient. However, the test alone cannot prove that de-identification is sufficient.
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern motivated intruder?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
Technical Implementation:
- •What technical controls detect and respond to motivated intruder issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-19(8) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
Ask AI
Configure your API key to use AI features.