CCI-003410
CCI-003410 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed defines and documents operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the documented operational privacy procedures to ensure the organization being inspected/assessed develops operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
Compelling Evidence
1.) Site documents operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII. Such documentation may include, but is not limited to, the organization's privacy program plan (PPP), the organization's Risk Management Framework implementing guidance, and the organization's RMF implementation guidance intranet.