CCI-003407
CCI-003407 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the applicable privacy documentation to ensure the organization being inspected/assessed has documents which demonstrate operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
Compelling Evidence
1.) Documentation for privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. Such documentation may include, but is not limited to, the organization's privacy program plan (PPP), the organization's Risk Management Framework implementing guidance, and the organization's RMF implementation guidance intranet.