Navigate

CCI-003481

CCI-003481 Definition

The organization documents processes to ensure the integrity of personally identifiable information (PII) through existing security controls.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements the necessary security controls to protect the integrity of PII it maintains. Selection of security controls should be documented in relevant security documentation. NOTE: This applies to the security control for systems involved in computer matching agreements.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines system documentation that discusses the selection of security controls and their relevance to privacy and confirms controls are in place for systems that maintain PII. NOTE: This applies to the security control for systems involved in computer matching agreements.

Compelling Evidence

Supply documentation for processes that ensure the safety or integrity of PII. Reference section pertaining to security controls that safeguard PII maintained by organization. Observe that security controls in place are involved in computer matching agreements.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003481.

Control	Description
DI-2	The organization: a. Documents processes to ensure the integrity of personally identifiable information (PII) through existing security controls; and b. Establishes a Data Integrity Board when appropriate to oversee organizational Computer Matching Agreements123 and to ensure that those agreements comply with the computer matching provisions of the Privacy Act.