Navigate

CCI-003655

CCI-003655 Definition

Defines the mechanisms to be provided for access to elements of personally identifiable information.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

Determine if [AC-03(14)_ODP[01]; mechanisms enabling individuals to have access to elements of their personally identifiable information are defined] are provided to enable individuals to have access to [AC-03(14)_ODP[02]; elements of personally identifiable information to which individuals have access are defined] of their personally identifiable information.

Validation Procedures

Examine: [SELECT FROM: Access mechanisms (e.g., request forms and application interfaces); access control policy; procedures addressing access enforcement; system design documentation; system configuration settings and associated documentation; documentation regarding access to an individualís personally identifiable information; system audit records; system security plan; privacy plan; privacy impact assessment; privacy assessment findings and/or reports; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with access enforcement responsibilities; system/network administrators; organizational personnel with information security and privacy responsibilities; legal counsel]. Test: [SELECT FROM: Mechanisms implementing access enforcement functions; mechanisms enabling individual access to personally identifiable information].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-003655.

Control	Description
AC-3(14)	Provide [mechanisms enabling individuals to have access to elements of their personally identifiable information are defined;] to enable individuals to have access to the following elements of their personally identifiable information: [elements of personally identifiable information to which individuals have access are defined;].