NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY
SI-18(2) — Data Tags
Employ data tags to automate the correction or deletion of personally identifiable information across the information life cycle within organizational systems.
Supplemental Guidance
Data tagging personally identifiable information includes tags that note processing permissions, authority to process, de-identification, impact level, information life cycle stage, and retention or last updated dates. Employing data tags for personally identifiable information can support the use of automation tools to correct or delete relevant personally identifiable information.
Practitioner Notes
Use data tags to identify the quality, source, and timeliness of PII so users know how much to trust the data.
Example 1: Add metadata tags to PII records indicating when the data was last verified, what source it came from, and a confidence level. An address verified by the postal service last month has higher confidence than one self-reported three years ago.
Example 2: In your CRM, tag records with their data source (customer-provided, third-party enrichment, manually entered) and last-verified date. Reports and decision-making processes can then filter by data quality to ensure they use only reliable information.
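The sketch below is an added example, not part of the NIST text or of any product's code. It shows how the tags described above can drive automated correction and deletion: each record carries source, last-verified, retention and processing-permission tags, and a sweep decides from the tags alone whether to delete, queue for re-verification, or keep. The field names, the per-source age limits and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy: how long a verification stays trustworthy, per source tag.
MAX_AGE = {
    "postal-verified": timedelta(days=365),
    "customer-provided": timedelta(days=730),
    "third-party-enrichment": timedelta(days=180),
    "manually-entered": timedelta(days=365),
}

@dataclass
class PiiRecord:
    record_id: str
    value: str
    source: str                 # tag: where the value came from
    last_verified: date         # tag: when it was last confirmed
    retain_until: date          # tag: end of the retention period
    processing_permitted: bool  # tag: authority to process still valid

def decide(rec, today):
    """Return 'delete', 'reverify' or 'keep' using only the record's tags."""
    if today > rec.retain_until or not rec.processing_permitted:
        return "delete"
    max_age = MAX_AGE.get(rec.source)
    # An unrecognised source tag fails closed: treat the value as unverified.
    if max_age is None or today - rec.last_verified > max_age:
        return "reverify"
    return "keep"

def sweep(records, today):
    """Drop deletions; return (kept records, correction queue, audit trail)."""
    kept, queue, audit = [], [], []
    for rec in records:
        action = decide(rec, today)
        audit.append((rec.record_id, action))
        if action == "delete":
            continue
        kept.append(rec)
        if action == "reverify":
            queue.append(rec.record_id)
    return kept, queue, audit

# Constructed sample records (not real data).
SAMPLE = [
    PiiRecord("r1", "12 Elm St", "postal-verified", date(2024, 5, 1), date(2026, 1, 1), True),
    PiiRecord("r2", "9 Oak Ave", "customer-provided", date(2021, 5, 1), date(2026, 1, 1), True),
    PiiRecord("r3", "4 Ash Rd", "third-party-enrichment", date(2024, 4, 1), date(2024, 1, 1), True),
    PiiRecord("r4", "7 Fir Ln", "manually-entered", date(2024, 3, 1), date(2026, 1, 1), False),
]
```

The audit trail returned by `sweep` records every decision, including deletions, so the automated action itself can be reviewed.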