Include roles and responsibilities in the privacy policy.


CONTROL ID
14669
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Define what is included in the privacy policy. (CC ID: 00404)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • As is the case with respect to criminal law enforcement authorities, Privacy and Civil Liberties Officers exist at all intelligence agencies. The powers of these officers typically encompass the supervision of procedures to ensure that the respective department/agency is adequately considering priva… (3.2.2 (164), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Firstly, Privacy and Civil Liberties Officers exist within various departments with criminal law enforcement responsibilities. While the specific powers of these officers may vary somewhat depending on the authorising statute, they typically encompass the supervision of procedures to ensure that the… (3.1.2 (108), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., FedRAMP Security Controls High Baseline, Version 5)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., FedRAMP Security Controls Low Baseline, Version 5)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and (PT-1a.1(a), Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Define and document information security and privacy roles and responsibilities throughout the system development life cycle; (SA-3b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Agency Privacy Programs. In order to manage Federal information resources that involve PII, agencies must develop, implement, document, maintain, and oversee agency-wide privacy programs that include people, processes, and technologies. Agencies' privacy programs are led by the Senior Agency Officia… (Section VII (A) ¶ 3, OMB Circular No. A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control)
  • Identifies the controller, including any business name under which the controller registered with the Secretary of State and any assumed business name that the controller uses in this state; (Section 5 (4)(g), 82nd Oregon Legislative Assembly, Senate Bill 619)