CM.AW-P6: Data provenance and lineage are maintained and can be accessed for review or transmission/disclosure

Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] with [Assignment: organization-defined security and privacy attribute values] for information in storage, in process, and/or in transmission; Ensure that the attribute associations are made and retained with the information; Establish the following permitted security and privacy attributes from the attributes defined in…

Develop and maintain an accurate accounting of disclosures of personally identifiable information, including: Date, nature, and purpose of each disclosure; and Name and address, or other contact information of the individual or organization to which the disclosure was made; Retain the accounting of disclosures for the length of the time the personally identifiable information is…

Associate [Assignment: organization-defined security and privacy attributes] with information exchanged between systems and between system components.

Check the accuracy, relevance, timeliness, and completeness of personally identifiable information across the information life cycle [Assignment: organization-defined frequency]; and Correct or delete inaccurate or outdated personally identifiable information.

Document, monitor, and maintain valid provenance of the following systems, system components, and associated data: [Assignment: organization-defined systems, system components, and associated data].