Navigate

CCI-003588

CCI-003588 Definition

The organization uses personally identifiable information (PII) internally only for the authorized purpose(s) identified in the Privacy Act and/or in public notices.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed documents and implements a process to use personally identifiable information (PII) internally only for the authorized purpose(s) identified in the Privacy Act and/or in public notices.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented process to ensure the organization being inspected/assessed uses personally identifiable information (PII) internally only for the authorized purpose(s) identified in the Privacy Act and/or in public notices.

Compelling Evidence

1.) Produce signed and dated SSP 2.) Reference section pertaining to PII and verify the SSP describes a process to use personally identifiable information (PII) internally only for the authorized purpose(s) identified in the Privacy Act and/or in public notices. 3.) Validate that the site implements this policy

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003588.

Control	Description
UL-1	The organization uses personally identifiable information (PII) internally only for the authorized purpose(s) identified in the Privacy Act and/or in public notices.