CCI-003412
CCI-003412 Definition
Status | |
Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed documents and implements operational privacy procedures which implement the applicable privacy and security controls for programs, information systems, or technologies involving PII.
Validation Procedures
The organization conducting the inspection/assessment obtains and examines the operational privacy procedures to ensure the organization being inspected/assessed implements operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
Compelling Evidence
documentation of information systems having completed PII Confidentiality Impact Level Categorization process; documentation of correspondence discussing tailoring of privacy relevant controls from control set among privacy office, information system security officers/manager, and program manager; and documentation from Chief Information Officer and/or Chief Privacy Officer requiring implementation of operational privacy procedures in RMF process.