Navigate

CCI-003473

CCI-003473 Definition

The organization issues guidelines ensuring the integrity of disseminated Privacy Act information.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed defines and issues PII integrity guidelines IAW DoD 5400.11-R. Integrity guidelines are tailored as necessary for specific programs or systems.

Validation Procedures

The organization conducting the inspection/assessment reviews the PII integrity guidelines for the organization being inspected/assessed against documentation for the program or system to ensure integrity thresholds are being met.

Compelling Evidence

Supply documentation for PII objectivity guidelines; ensure that the documented guidelines state/list the integrity thresholds. If PII collected are specific and held in separate systems or programs, reference documentation/policy that addresses and is specific to each system/program. Supply PII training certificate

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003473.

Control	Description
DI-1	The organization: DI-1a.: Confirms to the greatest extent practicable upon collection or creation of personally identifiable information (PII), the accuracy, relevance, timeliness, and completeness of that information; DI-1b.: Collects PII directly from the individual to the greatest extent practicable; DI-1c.: Checks for, and corrects as necessary, any inaccurate or outdated PII used by its programs or systems [Assignment: organization-defined frequency]; and DI-1d.: Issues guidelines ensuring and maximizing the quality, utility, objectivity, and integrity of disseminated information.

Control

Description

DI-1

The organization:

DI-1a.: Confirms to the greatest extent practicable upon collection or creation of personally identifiable information (PII), the accuracy, relevance, timeliness, and completeness of that information;

DI-1b.: Collects PII directly from the individual to the greatest extent practicable;

DI-1c.: Checks for, and corrects as necessary, any inaccurate or outdated PII used by its programs or systems [Assignment: organization-defined frequency]; and

DI-1d.: Issues guidelines ensuring and maximizing the quality, utility, objectivity, and integrity of disseminated information.