NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-18(5)Notice of Correction or Deletion

Notify {{ insert: param, si-18.05_odp }} and individuals that the personally identifiable information has been corrected or deleted.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

When personally identifiable information is corrected or deleted, organizations take steps to ensure that all authorized recipients of such information, and the individual with whom the information is associated or their designated representatives, are informed of the corrected or deleted information.

Practitioner Notes

When PII is corrected or deleted, notify other organizations or systems that received the original data so they can update their records too.

Example 1: Maintain a log of all organizations you have shared PII with. When a correction is made, send update notifications to all recipients. For deletions, send deletion requests and track confirmations.

Example 2: For systems integrated via APIs, implement webhooks or event-driven updates that automatically push PII corrections to downstream systems. When the master record is corrected in your HR system, the change automatically propagates to payroll, benefits, and access control systems.

More System and Information Integrity Controls

SI-1 Policy and Procedures SI-2 Flaw Remediation SI-2(1) Central Management SI-2(2) Automated Flaw Remediation Status