CCI-004919

Employ organization-defined measures to facilitate an individual's awareness that personally identifiable information is being collected by organization-defined sensors.

Implementation Guidance

Determine if [SC-42(04)_ODP[01]; measures to facilitate an individual's awareness that personally identifiable information is being collected are defined] are employed to facilitate an individual's awareness that personally identifiable information is being collected by [SC-42(04)_ODP[02]; sensors that collect personally identifiable information are defined].

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; access control policy and procedures; personally identifiable information processing policy; sensor capability and data collection policy and procedures; system design documentation; system configuration settings and associated documentation; privacy risk assessment documentation; privacy impact assessments; system architecture; list of measures to be employed to ensure that individuals are aware that personally identifiable information is being collected by sensors; examples of notifications provided to individuals that personally identifiable information is being collected by sensors; system audit records; system security plan; privacy plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security and privacy responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel responsible for sensor capabilities]. Test: [SELECT FROM: Mechanisms supporting and/or implementing measures to facilitate an individualís awareness that personally identifiable information is being collected by sensors; sensor information collection capabilities for the system].

The controls below (if any) were marked by NIST as being related to CCI-004919.