NIST 800-53 REV 5 • PROGRAM MANAGEMENT
PM-24 — Data Integrity Board
Establish a Data Integrity Board to: Review proposals to conduct or participate in a matching program; and Conduct an annual review of all matching programs in which the agency has participated.
Supplemental Guidance
A Data Integrity Board is the board of senior officials designated by the head of a federal agency and is responsible for, among other things, reviewing the agency’s proposals to conduct or participate in a matching program and conducting an annual review of all matching programs in which the agency has participated. As a general matter, a matching program is a computerized comparison of records from two or more automated [PRIVACT](#18e71fec-c6fd-475a-925a-5d8495cf8455) systems of records or an automated system of records and automated records maintained by a non-federal agency (or agent thereof). A matching program either pertains to Federal benefit programs or Federal personnel or payroll records. At a minimum, the Data Integrity Board includes the Inspector General of the agency, if any, and the senior agency official for privacy.
Practitioner Notes
A data integrity board is specifically responsible for overseeing computer matching programs — activities that compare records from different systems to find matches. This is primarily a federal requirement under the Privacy Act.
Example 1: If your organization conducts computer matching (comparing personnel records against contractor databases, for instance), establish a board that reviews and approves each matching agreement, ensures proper notice is given, and verifies that matches are accurate before action is taken.
Example 2: Document each matching program in a formal agreement that specifies what data is matched, the purpose, retention periods, and safeguards. The data integrity board should review these agreements annually and ensure they are published in the Federal Register if required.