Back

Include all required information in the registration database.


CONTROL ID
15106
CONTROL TYPE
Data and Information Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a registration database., CC ID: 15048

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The data listed in Annex VIII shall be entered into the EU database by the providers. The Commission shall provide them with technical and administrative support. (Article 60 2., Proposal for a Regulation of The European Parliament and of The Council Laying Down Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts)
  • A log of activities that documents who took the action, what action was taken, when and where the action took place, and what data was collected. (2.6 ¶ 3 Bullet 1, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • Unique identifiers issued to the individual, such as the Federal Agency Smart Credential Number (FASC-N), the cardholder Universally Unique Identifier (UUID), and the card UUID. The record MAY contain historical unique identifiers. (2.6 ¶ 3 Bullet 3, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • Information about the authorizing entity that has approved the issuance of a credential. (2.6 ¶ 3 Bullet 4, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • Current status of the background investigation, including the results of the investigation once completed. (2.6 ¶ 3 Bullet 5, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • The evidence of authorization if the credential is issued under a pseudonym. (2.6 ¶ 3 Bullet 6, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • Any data about the cardholder, including subsequent changes in the data (e.g., cardholder name changes per Section 2.9.1.1). (2.6 ¶ 3 Bullet 7, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • If there is any data change about the cardholder, the issuer SHALL record this data change in the PIV enrollment record, if applicable. If the changed data is the cardholder’s name, then the issuer SHALL meet the requirements in Section 2.9.1.1. (2.9.1 ¶ 6, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • An enrollment data record that contains the most recent collection of each of the biometric data collected. The enrollment data record describes the circumstances of biometric acquisition including the name and role of the acquiring agent, the office and organization, time, place, and acquisition me… (2.6 ¶ 3 Bullet 2, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)
  • PIV enrollment records SHALL maintain an auditable sequence of enrollment events to facilitate binding an applicant to multiple transactions that might take place at different times and locations. These records are generally stored as part of the cardholder’s PIV identity account, either as part o… (2.6 ¶ 2, FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors)