NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
PT-1
PT-2
PT-2(1)
PT-2(2)
PT-3
PT-3(1)
PT-3(2)
PT-4
PT-4(1)
PT-4(2)
PT-4(3)
PT-5
PT-5(1)
PT-5(2)
PT-6
PT-6(1)
PT-6(2)
PT-7
PT-7(1)
PT-7(2)
PT-8

PT-8: Computer Matching Requirements

Control Text:

When a system or organization processes information for the purpose of conducting a matching program: a. Obtain approval from the Data Integrity Board to conduct the matching program; b. Develop and enter into a computer matching agreement; c. Publish a matching notice in the Federal Register; d. Independently verify the information produced by the matching program before taking adverse action against an individual, if required; and e. Provide individuals with notice and an opportunity to contest the findings before taking adverse action against an individual.

The PRIVACT establishes requirements for federal and non-federal agencies if they engage in a matching program. In general, a matching program is a computerized comparison of records from two or more automated PRIVACT systems of records or an automated system of records and automated records maintained by a non-federal agency (or agent thereof). A matching program either pertains to federal benefit programs or federal personnel or payroll records. A federal benefit match is performed to determine or verify eligibility for payments under federal benefit programs or to recoup payments or delinquent debts under federal benefit programs. A matching program involves not just the matching activity itself but also the investigative follow-up and ultimate action, if any.

Related Controls