• Requirement

    Implement the privacy principle of minimization using [Assignment: organization-defined processes].

  • Discussion

    The principle of minimization states that organizations should only process personally identifiable information that is directly relevant and necessary to accomplish an authorized purpose and should only maintain personally identifiable information for as long as is necessary to accomplish the purpose. Organizations have processes in place, consistent with applicable laws and policies, to implement the principle of minimization.

More Info

  • Title

    Security and Privacy Engineering Principles | Minimization
  • Family

    System and Services Acquisition
  • Related NIST 800-53 ID


CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!