CT.DM-P4: Data elements can be accessed for deletion
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
AC-2: Account Management
Define and document the types of accounts allowed and specifically prohibited for use within the system; Assign account managers; Require [Assignment: organization-defined prerequisites and criteria] for group and role membership; Specify: Authorized users of the system; Group and role membership; and Access authorizations (i.e., privileges) and [Assignment: organization-defined attributes (as required)] for each account; Require…
AC-3: Access Enforcement
Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
CM-2: Baseline Configuration
Develop, document, and maintain under configuration control, a current baseline configuration of the system; and Review and update the baseline configuration of the system: [Assignment: organization-defined frequency]; When required due to [Assignment: organization-defined circumstances]; and When system components are installed or upgraded.
CM-3: Configuration Change Control
Determine and document the types of changes to the system that are configuration-controlled; Review proposed configuration-controlled changes to the system and approve or disapprove such changes with explicit consideration for security and privacy impact analyses; Document configuration change decisions associated with the system; Implement approved configuration-controlled changes to the system; Retain records of configuration-controlled changes…
CM-6: Configuration Settings
Establish and document configuration settings for components employed within the system that reflect the most restrictive mode consistent with operational requirements using [Assignment: organization-defined common secure configurations]; Implement the configuration settings; Identify, document, and approve any deviations from established configuration settings for [Assignment: organization-defined system components] based on [Assignment: organization-defined operational requirements]; and Monitor and…
SI-12: Information Management and Retention
Manage and retain information within the system and information output from the system in accordance with applicable laws, executive orders, directives, regulations, policies, standards, guidelines and operational requirements.
SI-18: Personally Identifiable Information Quality Operations
Check the accuracy, relevance, timeliness, and completeness of personally identifiable information across the information life cycle [Assignment: organization-defined frequency]; and Correct or delete inaccurate or outdated personally identifiable information.
NIST Special Publication 800-53 Revision 4
AC-2: Account Management
The organization: Identifies and selects the following types of information system accounts to support organizational missions/business functions: [Assignment: organization-defined information system account types]; Assigns account managers for information system accounts; Establishes conditions for group and role membership; Specifies authorized users of the information system, group and role membership, and access authorizations (i.e., privileges) and other…
AC-3: Access Enforcement
The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
CM-2: Baseline Configuration
The organization develops, documents, and maintains under configuration control, a current baseline configuration of the information system.
CM-3: Configuration Change Control
The organization: Determines the types of changes to the information system that are configuration-controlled; Reviews proposed configuration-controlled changes to the information system and approves or disapproves such changes with explicit consideration for security impact analyses; Documents configuration change decisions associated with the information system; Implements approved configuration-controlled changes to the information system; Retains records of…
CM-6: Configuration Settings
The organization: Establishes and documents configuration settings for information technology products employed within the information system using [Assignment: organization-defined security configuration checklists] that reflect the most restrictive mode consistent with operational requirements; Implements the configuration settings; Identifies, documents, and approves any deviations from established configuration settings for [Assignment: organization-defined information system components] based on [Assignment:…
SI-12: Information Handling and Retention
The organization handles and retains information within the information system and information output from the system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and operational requirements.