The application server must attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-278962 | SRG-APP-001045 | SRG-APP-001045-AS-000325 | SV-278962r1137597_rule | 2025-09-10 | 4 |
Description
Data tags support the tracking and enforcement of authorized processing by conveying the types of processing that are authorized along with the relevant elements of personally identifiable information throughout the system. Data tags may also support the use of automated tools.
This requirement also applies to Zero Trust initiatives.
ℹ️ Check
Verify the application server is configured to attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information.
If the application server does not attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information, this is a finding.
✔️ Fix
Configure the application server to attach data tags containing organization-defined authorized processing to organization-defined elements of personally identifiable information.