Back

Disseminate and communicate the privacy report to interested personnel and affected parties.


CONTROL ID
14761
CONTROL TYPE
Communicate
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a privacy report., CC ID: 14754

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • [Assignment: organization-defined oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and (PM-27a.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • [Assignment: organization-defined officials] and other personnel with responsibility for monitoring privacy program compliance; and (PM-27a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • [Assignment: organization-defined officials] and other personnel with responsibility for monitoring privacy program compliance; and (PM-27a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • [Assignment: organization-defined oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and (PM-27a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • [Assignment: organization-defined officials] and other personnel with responsibility for monitoring privacy program compliance; and (PM-27a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • [Assignment: organization-defined oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and (PM-27a.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Report on a periodic basis regarding the status of the privacy program to the Board, CEO or other responsible individual or committee (T0885, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • [Assignment: organization-defined officials] and other personnel with responsibility for monitoring privacy program compliance; and (PM-27a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • [Assignment: organization-defined oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and (PM-27a.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • [Assignment: organization-defined officials] and other personnel with responsibility for monitoring privacy program compliance; and (PM-27a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • [Assignment: organization-defined oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and (PM-27a.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Develop [Assignment: organization-defined privacy reports] and disseminate to: (PM-27a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)