The application server must attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-278963 | SRG-APP-001050-AS-000326 | SV-278963r1137600_rule | CCI-004558 | medium |
| Description | ||||
| Data tags support the tracking of processing purposes by conveying the purposes along with the relevant elements of personally identifiable information throughout the system. By conveying the processing purposes in a data tag along with the personally identifiable information as the information transits a system, a system owner or operator can identify whether a change in processing would be compatible with the identified and documented purposes. Data tags may also support the use of automated tools. This requirement also applies to Zero Trust initiatives. | ||||
| STIG | Date | |||
| Application Server Security Requirements Guide | 2025-09-10 | |||
Related Frameworks
2 paths across 2 frameworks
Related Frameworks
NIST 800-531 mapping
PT-3(1)
1.00
- DISA · V4R4 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI1 mapping
CCI-004558
1.00
- DISA · V4R4 · disa_xccdf · related
Details
Check Text (C-278963r1137600_chk)
Verify the application server is configured to attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information.
If the application server does not attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information, this is a finding.
Fix Text (F-83416r1137599_fix)
Configure the application server to attach data tags containing organization-defined processing purposes to organization-defined elements of personally identifiable information.