An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.11.1 - rmfrev5
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.11.1 - rmfrev5
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
113/172
)
CCIs
Number
Definition
Status
Related
CCI-003391
The organization disposes of information system components using organization-defined techniques and methods.
Draft
CCI-003392
The organization determines and documents the legal authority that permits the collection of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
CCI-003393
The organization determines and documents the legal authority that permits the use of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
CCI-003394
The organization determines and documents the legal authority that permits the maintenance of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
CCI-003395
The organization determines and documents the legal authority that permits the sharing of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
CCI-003396
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is collected.
Draft
CCI-003397
The organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing, implementing, and maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
Draft
CCI-003398
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is used.
Draft
CCI-003399
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is maintained.
Draft
CCI-003400
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is shared.
Draft
CCI-003401
The organization monitors federal privacy laws and policy for changes that affect the privacy program.
Draft
CCI-003402
The organization defines the allocation of budget resources sufficient to implement and operate the organization-wide privacy program.
Draft
CCI-003403
The organization defines the allocation of staffing resources sufficient to implement and operate the organization-wide privacy program.
Draft
CCI-003404
The organization allocates sufficient organization-defined budget resources to implement and operate the organization-wide privacy program.
Draft
CCI-003405
The organization allocates sufficient organization-defined staffing resources to implement and operate the organization-wide privacy program.
Draft
CCI-003406
The organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.
Draft
CCI-003407
The organization develops operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
CCI-003408
The organization disseminates operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
CCI-003409
The organization implements operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
CCI-003410
The organization develops operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
CCI-003411
The organization disseminates operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
CCI-003412
The organization implements operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
CCI-003413
The organization defines the frequency, minimally biennially, on which the privacy plan, policies, and procedures are to be updated.
Draft
CCI-003414
The organization updates the privacy plan per organization-defined frequency.
Draft
CCI-003415
The organization updates the privacy policies per organization-defined frequency.
Draft
CCI-003416
The organization updates the privacy procedures per organization-defined frequency.
Draft
CCI-003417
The organization documents a privacy risk management process which assesses the privacy risk to individuals.
Draft
CCI-003418
The organization implements a privacy risk management process which assesses the privacy risk to individuals.
Draft
CCI-003419
The organization's privacy risk management process assesses the privacy risk to individuals resulting from the collection of personally identifiable information (PII).
Draft
CCI-003420
The organization's privacy risk management process assesses the privacy risk to individuals resulting from the sharing of personally identifiable information (PII).
Draft
Prev
1...
109
110
111
112
113
114
115
116
117
...172
Next