N
|
controlPM-25

Minimization of Personally Identifiable Information Used in Testing, Training, and Research (PM-25)

Develop, document, and implement policies and procedures that address the use of personally identifiable information for internal testing, training, and research; Limit or minimize the amount of personally identifiable information used for internal testing, training, and research purposes; Authorize the use of personally identifiable information when such information is required for internal testing, training, and research; and Review and update policies and procedures [organization-defined].

program-managementgovernancestrategy

Why These Connect

Supports5

These related controls work together — a change to one may affect the others.

Related Controls(5)

PM-23Data Governance Body (PM-23)PT-3Personally Identifiable Information Processing Purposes (PT-3)SA-3System Development Life Cycle (SA-3)
LMH
SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SI-12Information Management and Retention (SI-12)
LMH

See Also

@SP 800-53 OverviewCompare Baselines