An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: bugfix-XSS-85-d5bffe - rmfrev4
Open sidebar
Navigate
Top
Search
CCIs (
5137
)
Pages (
119/172
)
CCIs
Number
Definition
Status
Related
CCI-003571
The organization describes whether the organization shares personally identifiable information (PII) with external entities.
Draft
TR-1
CCI-003572
The organization describes the categories of those external entities with whom personally identifiable information (PII) is shared.
Draft
TR-1
CCI-003573
The organization describes the purposes for sharing personally identifiable information (PII) with external entities.
Draft
TR-1
CCI-003574
The organization describes whether individuals have the ability to consent to specific uses or sharing of personally identifiable information (PII).
Draft
TR-1
CCI-003575
The organization describes how individuals may exercise their consent regarding specific uses or sharing of personally identifiable information (PII).
Draft
TR-1
CCI-003576
The organization describes how individuals may obtain access to personally identifiable information (PII).
Draft
TR-1
CCI-003577
The organization describes how the personally identifiable information (PII) will be protected.
Draft
TR-1
CCI-003578
The organization revises its public notices to reflect changes in practice or policy that affect personally identifiable information (PII), before or as soon as practicable after the change.
Draft
TR-1
CCI-003579
The organization revises its public notices to reflect changes in practice or policy that impact privacy, before or as soon as practicable after the change.
Draft
TR-1
CCI-003580
The organization provides real-time notice and/or layered notice when it collects personally identifiable information (PII).
Draft
TR-1(1)
CCI-003581
The organization publishes System of Records Notices (SORNs) in the Federal Register, subject to required oversight processes, for systems containing personally identifiable information (PII).
Draft
TR-2
CCI-003582
The organization keeps System of Records Notices (SORNs) current.
Draft
TR-2
CCI-003583
The organization includes Privacy Act Statements on its forms that collect personally identifiable information (PII), or on separate forms that can be retained by individuals, to provide additional formal notice to individuals from whom the information is being collected.
Draft
TR-2
CCI-003584
The organization publishes System of Records Notices (SORNs) on its public website.
Draft
TR-2(1)
CCI-003585
The organization ensures the public has access to information about its privacy activities.
Draft
TR-3
CCI-003586
The organization ensures the public is able to communicate with its Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO).
Draft
TR-3
CCI-003587
The organization ensures its privacy practices are publicly available through organizational websites or otherwise.
Draft
TR-3
CCI-003588
The organization uses personally identifiable information (PII) internally only for the authorized purpose(s) identified in the Privacy Act and/or in public notices.
Draft
UL-1
CCI-003589
The organization shares personally identifiable information (PII) externally, only for the authorized purposes identified in the Privacy Act and/or described in its notice(s) or for a purpose that is compatible with those purposes.
Draft
UL-2
CCI-003590
The organization, where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically describe the personally identifiable information (PII) covered.
Draft
UL-2
CCI-003591
The organization, where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically enumerate the purposes for which the personally identifiable information (PII) may be used.
Draft
UL-2
CCI-003592
The organization monitors its staff on the authorized sharing of personally identifiable information (PII) with third parties.
Draft
UL-2
CCI-003593
The organization audits its staff on the authorized sharing of personally identifiable information (PII) with third parties.
Draft
UL-2
CCI-003594
The organization trains its staff on the authorized sharing of personally identifiable information (PII) with third parties.
Draft
UL-2
CCI-003595
The organization trains its staff on the consequences of unauthorized use or sharing of personally identifiable information (PII).
Draft
UL-2
CCI-003596
The organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether the sharing is authorized.
Draft
UL-2
CCI-003597
The organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether additional or new public notice is required.
Draft
UL-2
CCI-003598
The organization defines the individuals or information systems to be the only recipients of organization-defined information, information system components, or devices, by employing organization-defined security safeguards.
Deprecated
TR-1
CCI-003599
The organization defines the individuals or information systems to be the only recipients of organization-defined information, information system components, or devices, by employing organization-defined security safeguards.
Draft
SC-37
CCI-003601
Develop and document an organization-level; mission/business process-level; and/or system-level access control policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.
Draft
Prev
1...
115
116
117
118
119
120
121
122
123
...172
Next