SI-19(1)

  • Requirement

    De-identify the dataset upon collection by not collecting personally identifiable information.

  • Discussion

    If a data source contains personally identifiable information but the information will not be used, the dataset can be de-identified when it is created by not collecting the data elements that contain the personally identifiable information. For example, if an organization does not intend to use the social security number of an applicant, then application forms do not ask for a social security number.

More Info

  • Title

    De-identification | Collection
  • Family

    System and Information Integrity
  • NIST 800-53B Baseline(s)

    • Related NIST 800-53 ID

    NIST 800-53A Assessment Guidance

    CMMC Training

    Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!