The application server must attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-278963 | SRG-APP-001050-AS-000326 | SV-278963r1137600_rule | CCI-004558 | medium |
| Description | ||||
| Data tags support the tracking of processing purposes by conveying the purposes along with the relevant elements of personally identifiable information throughout the system. By conveying the processing purposes in a data tag along with the personally identifiable information as the information transits a system, a system owner or operator can identify whether a change in processing would be compatible with the identified and documented purposes. Data tags may also support the use of automated tools. This requirement also applies to Zero Trust initiatives. | ||||
| STIG | Date | |||
| Application Server Security Requirements Guide | 2025-09-10 | |||
Details
Check Text (C-278963r1137600_chk)
Verify the application server is configured to attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information.
If the application server does not attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information, this is a finding.
Fix Text (F-83416r1137599_fix)
Configure the application server to attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information.