Navigate

CCI-003585

CCI-003585 Definition

The organization ensures the public has access to information about its privacy activities.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoDD 5400.11, DoD 5400.11-R, DoDI 5400.16, publication of both Privacy Impact Assessments and System of Records Notices, as well as, if published, Service or DoD Component level privacy regulations, meet this control's requirement to make public information about the organizations' privacy activities. The organization being inspected/assessed documents any Service or Component level privacy regulations it has published.

Validation Procedures

DoDD 5400.11, DoD 5400.11-R, DoDI 5400.16, publication of both Privacy Impact Assessments and System of Records Notices, as well as, if published, Service or DoD Component level privacy regulations, meet this control's to make publicly accessible information about the organizations' privacy activities. The organization conducting the inspection/assessment obtains and examines the published Service or Component level privacy regulations to ensure the organization being inspected/assessed, has made those regulations public.

Compelling Evidence

1.) examples of where organization publishes and documents Privacy Impact Assessments, System of Records Notices, and Service or DoD Component level Privacy regulations in order to make public information about the organization's privacy activities.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003585.

Control	Description
TR-3	The organization: a. Ensures that the public has access to information about its privacy activities and is able to communicate with its Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO); and b. Ensures that its privacy practices are publicly available through organizational websites or otherwise.