|
controlPT-2
Authority to Process Personally Identifiable Information (PT-2)
Determine and document the [organization-defined] that permits the [organization-defined] of personally identifiable information; and Restrict the [organization-defined] of personally identifiable information to only that which is authorized.
piiprivacytransparencydata-processing
Why These Connect
Supports36
These related controls work together — a change to one may affect the others.
Enhances2
These enhancements add specific capabilities or refinements to the base control.
Related Controls(22)
AC-2Account Management (AC-2)
LMH
AC-3Access Enforcement (AC-3)LMH
AC-16Security and Privacy Attributes (AC-16)AC-21Information Sharing (AC-21)MH
AC-23Data Mining Protection (AC-23)AT-2Literacy Training and Awareness (AT-2)LMH
AU-2Event Logging (AU-2)LMH
CM-13Data Action Mapping (CM-13)IR-9Information Spillage Response (IR-9)PM-9Risk Management Strategy (PM-9)PM-21Accounting of Disclosures (PM-21)PM-24Data Integrity Board (PM-24)PT-1Policy and Procedures (PT-1)PT-3Personally Identifiable Information Processing Purposes (PT-3)PT-5Privacy Notice (PT-5)PT-6System of Records Notice (PT-6)RA-3Risk Assessment (RA-3)LMH
RA-8Privacy Impact Assessments (RA-8)SI-12Information Management and Retention (SI-12)LMH
SI-18Personally Identifiable Information Quality Operations (SI-18)PT-4Consent (PT-4)PT-7Specific Categories of Personally Identifiable Information (PT-7)