PM-5(1)

  • Requirement

    Establish, maintain, and update [Assignment: organization-defined frequency] an inventory of all systems, applications, and projects that process personally identifiable information.

  • Discussion

    An inventory of systems, applications, and projects that process personally identifiable information supports the mapping of data actions, providing individuals with privacy notices, maintaining accurate personally identifiable information, and limiting the processing of personally identifiable information when such information is not needed for operational purposes. Organizations may use this inventory to ensure that systems only process the personally identifiable information for authorized purposes and that this processing is still relevant and necessary for the purpose specified therein.

More Info

  • Title

    System Inventory | Inventory of Personally Identifiable Information
  • Family

    Program Management
  • NIST 800-53B Baseline(s)

    • Privacy
  • Related NIST 800-53 ID

    AC-3;CM-8;CM-12;CM-13;PL-8;PM-22;PT-3;PT-5;SI-12;SI-18

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!