SI-12(1)

  • Requirement

    Limit personally identifiable information being processed in the information life cycle to the following elements of personally identifiable information: [Assignment: organization-defined elements of personally identifiable information].

  • Discussion

    Limiting the use of personally identifiable information throughout the information life cycle when the information is not needed for operational purposes helps to reduce the level of privacy risk created by a system. The information life cycle includes information creation, collection, use, processing, storage, maintenance, dissemination, disclosure, and disposition. Risk assessments as well as applicable laws, regulations, and policies can provide useful inputs to determining which elements of personally identifiable information may create risk.

More Info

  • Title

    Information Management and Retention | Limit Personally Identifiable Information Elements
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • Privacy
  • Related NIST 800-53 ID

    PM-25

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!