CCI-003392
CCI-003392 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed identifies and documents in applicable privacy notices and privacy impact assessment, the legal authority applicable to the information system permitting the collection of PII IAW 5 USC 552a, DoDD 5400.11, DoD 5400.11-R, and DoDD 5400.16.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the applicable privacy documentation to ensure the organization being inspected/assessed has documented the legal authority that permits the collection of PII, and that such collection is related to, and compatible with, the purpose and scope of the authority described in the privacy documentation.
Compelling Evidence
Site must produce signed and/or published PII documentation which describes PII policy on collection of PII. Such PII documentation may include, but is not limited to, the relevant Privacy Act system of records notice, the DD 2930 (Privacy Impact Assessment), the system privacy plan (SPP), the Privacy Act Statement, and, if applicable, the DoD Report Control Symbol number or OMB Control number.