DCH-23.7: Automated De-Identification of Sensitive Data

DCH-23.7 · Automated De-Identification of Sensitive Data

Control Description

Mechanisms exist to perform de-identification of sensitive/regulated data, using validated algorithms and software to implement the algorithms.

Control Question

Assessment question for control validation

Does the organization perform de-identification of sensitive/regulated data, using validated algorithms and software to implement the algorithms?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 3 - Tactical