Establish, implement, and maintain a privacy report.
CONTROL ID 14754
CONTROL TYPE Establish/Maintain Documentation
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain a privacy framework that protects restricted data., CC ID: 11850
This Control has the following implementation support Control(s):
Disseminate and communicate the privacy report to interested personnel and affected parties., CC ID: 14761
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Review and update privacy reports [Assignment: organization-defined frequency]. (PM-27b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
Review and update privacy reports [Assignment: organization-defined frequency]. (PM-27b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
Review and update privacy reports [Assignment: organization-defined frequency]. (PM-27b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
Review and update privacy reports [Assignment: organization-defined frequency]. (PM-27b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
Review and update privacy reports [Assignment: organization-defined frequency]. (PM-27b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)