OMB Individually Reported

Automated Detection of Personally Identifiable Information (PII) in Cybersecurity Data

Low riskExact public inventory row

Description

To enhance privacy, this AI tool uses Natural Language Processing (NLP) to automatically flag potential PII for review and removal by CISA analysts.

Detailed example

The system sends flagged data rows with potential PII to humans for review.

AI / analytics pattern

Natural Language Processing: AI that processes, interprets, and shares information in human language.

Automation level / stage

c) Deployed – The use case is being actively authorized or utilized to support the functions or mission of an agency.

Expected benefit

Automated PII Detection and Review Process uses analytics to identify and manage potential PII in submissions. If PII is flagged, the submission is sent to CISA analysts, who are guided by AI to review and confirm or reject the detection, redacting information if necessary. Privacy experts monitor the system and provide feedback. The system learns from this feedback, ensuring compliance with privacy regulations and improving efficiency by reducing false positives. Regular audits ensure the process remains trustworthy and effective.

Controls / human review

ATO: Yes; PIA: https://www.dhs.gov/publication/dhsnppdpia-029-automated-indicator-sharing

Data needed

Cybersecurity indicators of compromise (IOCs), Cybersecurity threat intelligence (CTI)