CM.AW-P6: Data provenance and lineage are maintained and can be accessed for review or transmission/disclosure
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
AC-16: Security and Privacy Attributes
Provide the means to associate [Assignment: organization-defined types of security and privacy attributes] with [Assignment: organization-defined security and privacy attribute values] for information in storage, in process, and/or in transmission; Ensure that the attribute associations are made and retained with the information; Establish the following permitted security and privacy attributes from the attributes defined in…
PM-21: Accounting of Disclosures
Develop and maintain an accurate accounting of disclosures of personally identifiable information, including: Date, nature, and purpose of each disclosure; and Name and address, or other contact information of the individual or organization to which the disclosure was made; Retain the accounting of disclosures for the length of the time the personally identifiable information is…
SC-16: Transmission of Security and Privacy Attributes
Associate [Assignment: organization-defined security and privacy attributes] with information exchanged between systems and between system components.
SI-18: Personally Identifiable Information Quality Operations
Check the accuracy, relevance, timeliness, and completeness of personally identifiable information across the information life cycle [Assignment: organization-defined frequency]; and Correct or delete inaccurate or outdated personally identifiable information.
SR-4: Provenance
Document, monitor, and maintain valid provenance of the following systems, system components, and associated data: [Assignment: organization-defined systems, system components, and associated data].
NIST Special Publication 800-53 Revision 4
AC-16: Security Attributes
The organization: Provides the means to associate [Assignment: organization-defined types of security attributes] having [Assignment: organization-defined security attribute values] with information in storage, in process, and/or in transmission; Ensures that the security attribute associations are made and retained with the information; Establishes the permitted [Assignment: organization-defined security attributes] for [Assignment: organization-defined information systems]; and Determines…
SC-16: Transmission Of Security Attributes
The information system associates [Assignment: organization-defined security attributes] with information exchanged between information systems and between system components.