The application server must attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-278962 | SRG-APP-001045-AS-000325 | SV-278962r1137597_rule | CCI-004544 | medium |
| Description | ||||
| Data tags support the tracking and enforcement of authorized processing by conveying the types of processing that are authorized along with the relevant elements of personally identifiable information throughout the system. Data tags may also support the use of automated tools. This requirement also applies to Zero Trust initiatives. | ||||
| STIG | Date | |||
| Application Server Security Requirements Guide | 2025-09-10 | |||
Details
Check Text (C-278962r1137597_chk)
Verify the application server is configured to attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information.
If the application server does not attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information, this is a finding.
Fix Text (F-83415r1137596_fix)
Configure the application server to attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information.