Navigate

CCI-004255

CCI-004255 Definition

Defines the elements identified in the privacy risk assessment for limiting personally identifiable information contained in visitor access records.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if personally identifiable information contained in visitor access records is limited to [PE-08(03)_ODP; elements identified in the privacy risk assessment to limit personally identifiable information contained in visitor access logs are defined] identified in the privacy risk assessment.

Validation Procedures

Examine: [SELECT FROM: Physical and environmental protection policy; personally identifiable information processing policy; privacy risk assessment documentation; privacy impact assessment; visitor access records; personally identifiable information inventory; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with visitor access records responsibilities; organizational personnel with information security and privacy responsibilities]. Test: [SELECT FROM: Organizational processes for maintaining and reviewing visitor access records].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-004255.

Control	Description
PE-8(3)	Limit personally identifiable information contained in visitor access records to the following elements identified in the privacy risk assessment: [elements identified in the privacy risk assessment to limit personally identifiable information contained in visitor access logs are defined;].