CCI-003438

The organization audits privacy controls, per organization-defined frequency, to ensure effective implementation.

Implementation Guidance

The organization being inspected/assessed documents and implements a process to audit privacy controls, every three years or as required by major system change, to ensure effective implementation.The organization must maintain an audit trail.DoD has defined the frequency as every three years or as required by major system change.DoD has defined the frequency as upon a change in the privacy, security or authorization posture of the system and not to exceed every three years.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process as well as the audit trail to ensure the organization being inspected/assessed audits privacy controls, every three years or as required by major system change, to ensure effective implementation.DoD has defined the frequency as every three years or as required by major system change.DoD has defined the frequency as upon a change in the privacy, security or authorization posture of the system and not to exceed every three years.

Compelling Evidence

Reference section of documentation that pertains to a process to audit privacy controls. Observe that audit trail frequency of every three years or as required by a major system change and cannot exceed every three years.

The controls below (if any) were marked by NIST as being related to CCI-003438.