diff --git a/app/controllers/admin/submissions_controller.rb b/app/controllers/admin/submissions_controller.rb
index 0bb14edc1..da117ba31 100644
--- a/app/controllers/admin/submissions_controller.rb
+++ b/app/controllers/admin/submissions_controller.rb
@@ -220,7 +220,17 @@ def set_submission
     end
 
     def status_params
-      params.permit(:aasm_state)
+      permitted_params = params.permit(:aasm_state)
+
+      if permitted_params[:aasm_state].present?
+        unless Submission.aasm.states.map(&:name).include?(permitted_params[:aasm_state].to_sym)
+          raise ActionController::ParameterMissing, "Invalid state: #{permitted_params[:aasm_state]}"
+        end
+      else
+        raise ActionController::ParameterMissing, "aasm_state parameter is missing"
+      end
+
+      permitted_params
     end
 
     def tag_params
diff --git a/app/models/submission.rb b/app/models/submission.rb
index 734dc3b74..484a7c657 100644
--- a/app/models/submission.rb
+++ b/app/models/submission.rb
@@ -62,6 +62,7 @@ def validate_custom_form
     answered_questions.delete('language')
     answered_questions.delete('referer')
     answered_questions.delete('aasm_state')
+    answered_questions.delete('tags')
     answered_questions.delete('spam_score')
     answered_questions.delete('created_at')
     answered_questions.delete('updated_at')
diff --git a/app/views/admin/submissions/_status_form.html.erb b/app/views/admin/submissions/_status_form.html.erb
index 41b825843..b550300fa 100644
--- a/app/views/admin/submissions/_status_form.html.erb
+++ b/app/views/admin/submissions/_status_form.html.erb
@@ -12,7 +12,7 @@
   <ol class="usa-process-list">
     <% @submission.aasm.states.each do |state| %>
       <li class="usa-process-list__item padding-bottom-4">
-        <p class="usa-process-list__heading font-sans-md line-height-sans-4">
+        <p class="usa-process-list__heading font-sans-md line-height-sans-2">
           <span class="<%= @submission.aasm_state == state.name.to_s ? "" : "text-normal text-base-lighter" %>">
             <%= state.name.capitalize %>
           </span>
diff --git a/app/views/admin/submissions/show.html.erb b/app/views/admin/submissions/show.html.erb
index 2a91e956a..a91ab9db1 100644
--- a/app/views/admin/submissions/show.html.erb
+++ b/app/views/admin/submissions/show.html.erb
@@ -36,7 +36,7 @@
           <label class="usa-label">
             Organization
           </label>
-          <%= link_to(@submission.form.organization.name, admin_organization_path(@submission.form.organization)) %>
+          <%= render "admin/organizations/badge", organization: @submission.form.organization %>
         </div>
         <div class="grid-col-4">
           <label class="usa-label">
diff --git a/spec/controllers/admin/submissions_controller_spec.rb b/spec/controllers/admin/submissions_controller_spec.rb
index f9450c492..cc3596363 100644
--- a/spec/controllers/admin/submissions_controller_spec.rb
+++ b/spec/controllers/admin/submissions_controller_spec.rb
@@ -60,6 +60,37 @@
     sign_in(admin)
   end
 
+  describe "#status_params" do
+    let(:submission) { FactoryBot.create(:submission, form:) }
+    let(:valid_states) { Submission.aasm.states.map(&:name) }
+
+    context "when a valid aasm_state is provided" do
+      it "permits the parameter and returns it" do
+        valid_state = valid_states.sample.to_s
+        patch :update, params: { aasm_state: valid_state, form_id: submission.form.short_uuid, id: submission.id  }
+
+        expect(response).to redirect_to(admin_form_submission_path(form, submission))
+        expect(flash[:notice]).to eq('Response was successfully updated.')
+      end
+    end
+
+    context "when aasm_state is missing" do
+      it "raises an ActionController::ParameterMissing error" do
+        expect {
+          patch :update, params: { aasm_state: nil, form_id: submission.form.short_uuid, id: submission.id  }
+        }.to raise_error(ActionController::ParameterMissing, "param is missing or the value is empty: aasm_state parameter is missing")
+      end
+    end
+
+    context "when an invalid aasm_state is provided" do
+      it "raises an ActionController::ParameterMissing error" do
+        expect {
+          patch :update, params: { aasm_state: "invalid_state", form_id: submission.form.short_uuid, id: submission.id  }
+        }.to raise_error(ActionController::ParameterMissing, "param is missing or the value is empty: Invalid state: invalid_state")
+      end
+    end
+  end
+
   describe 'DELETE #destroy' do
     it 'destroys the requested submission' do
       submission = Submission.create! valid_attributes
diff --git a/spec/features/admin/submissions_spec.rb b/spec/features/admin/submissions_spec.rb
index 87342ab05..850d170db 100644
--- a/spec/features/admin/submissions_spec.rb
+++ b/spec/features/admin/submissions_spec.rb
@@ -109,6 +109,21 @@
               end
             end
           end
+
+          context 'with one Response that has tags' do
+            let!(:submission) { FactoryBot.create(:submission, form:, tags: ["this", "that"]) }
+
+            describe 'click View link in responses table' do
+              before do
+                visit admin_form_submission_path(form, submission)
+              end
+
+              it 'update a submission that has tags' do
+                click_on("Acknowledge")
+                expect(page).to have_content("Response was successfully updated.")
+              end
+            end
+          end
         end
 
         describe 'tag a Response' do