SI-12(2)

  • Requirement

    Use the following techniques to minimize the use of personally identifiable information for research, testing, or training: [Assignment: organization-defined techniques].

  • Discussion

    Organizations can minimize the risk to an individual's privacy by employing techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information throughout the information life cycle when the information is not needed for research, testing, or training helps reduce the level of privacy risk created by a system. Risk assessments as well as applicable laws, regulations, and policies can provide useful inputs to determining the techniques to use and when to use them.

More Info

  • Title

    Information Management and Retention | Minimize Personally Identifiable Information in Testing, Training, and Research
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • Privacy
  • Related NIST 800-53 ID

    PM-22;PM-25;SI-19

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!