An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
113/172
)
CCIs
Number
Definition
Status
Related
CCI-003391
The organization disposes of information system components using organization-defined techniques and methods.
Draft
SA-19(3)
CCI-003392
The organization determines and documents the legal authority that permits the collection of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
AP-1
CCI-003393
The organization determines and documents the legal authority that permits the use of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
AP-1
CCI-003394
The organization determines and documents the legal authority that permits the maintenance of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
AP-1
CCI-003395
The organization determines and documents the legal authority that permits the sharing of personally identifiable information (PII), either generally or in support of a specific program or information system need.
Draft
AP-1
CCI-003396
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is collected.
Draft
AP-2
CCI-003397
The organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing, implementing, and maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
Draft
AR-1
CCI-003398
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is used.
Draft
AP-2
CCI-003399
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is maintained.
Draft
AP-2
CCI-003400
The organization describes, in its privacy notices, the purpose(s) for which personally identifiable information (PII) is shared.
Draft
AP-2
CCI-003401
The organization monitors federal privacy laws and policy for changes that affect the privacy program.
Draft
AR-1
CCI-003402
The organization defines the allocation of budget resources sufficient to implement and operate the organization-wide privacy program.
Draft
AR-1
CCI-003403
The organization defines the allocation of staffing resources sufficient to implement and operate the organization-wide privacy program.
Draft
AR-1
CCI-003404
The organization allocates sufficient organization-defined budget resources to implement and operate the organization-wide privacy program.
Draft
AR-1
CCI-003405
The organization allocates sufficient organization-defined staffing resources to implement and operate the organization-wide privacy program.
Draft
AR-1
CCI-003406
The organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.
Draft
AR-1
CCI-003407
The organization develops operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
AR-1
CCI-003408
The organization disseminates operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
AR-1
CCI-003409
The organization implements operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
AR-1
CCI-003410
The organization develops operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
AR-1
CCI-003411
The organization disseminates operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
AR-1
CCI-003412
The organization implements operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
Draft
AR-1
CCI-003413
The organization defines the frequency, minimally biennially, on which the privacy plan, policies, and procedures are to be updated.
Draft
AR-1
CCI-003414
The organization updates the privacy plan per organization-defined frequency.
Draft
AR-1
CCI-003415
The organization updates the privacy policies per organization-defined frequency.
Draft
AR-1
CCI-003416
The organization updates the privacy procedures per organization-defined frequency.
Draft
AR-1
CCI-003417
The organization documents a privacy risk management process which assesses the privacy risk to individuals.
Draft
AR-2
CCI-003418
The organization implements a privacy risk management process which assesses the privacy risk to individuals.
Draft
AR-2
CCI-003419
The organization's privacy risk management process assesses the privacy risk to individuals resulting from the collection of personally identifiable information (PII).
Draft
AR-2
CCI-003420
The organization's privacy risk management process assesses the privacy risk to individuals resulting from the sharing of personally identifiable information (PII).
Draft
AR-2
Prev
1...
109
110
111
112
113
114
115
116
117
...172
Next