CCI-003408
CCI-003408 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed disseminates via an information sharing capability, operational privacy policies and procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the operational privacy policies and procedures via the organization's information sharing capability to ensure the organization being inspected/assessed disseminates operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII and procedures which implement these policies.
Compelling Evidence
1.) Signed and dated operational privacy policies. 2.) Document procedures for ensuring dissemination of operational privacy policies and procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. Such documentation may include, but is not limited to, the organization's privacy program plan (PPP), the organization's Risk Management Framework implementing guidance, and the organization's RMF implementation guidance intranet.