• xBaseline: Privacy
IDNameBaselinesThreats
LowModerateHighPrivacy
AC-1Policy and ProceduresSTRIDE-LM
AC-3(14)Individual Access   STRIDE-LM
AT-1Policy and ProceduresSTRIDE-LM
AT-2Literacy Training and AwarenessSTRIDE-LM
AT-3Role-based TrainingSTRIDE-LM
(5)Processing Personally Identifiable Information   STRIDE-LM
AT-4Training RecordsSTRIDE-LM
AU-1Policy and ProceduresSTRIDE-LM
AU-2Event LoggingSTRIDE-LM
AU-3(3)Limit Personally Identifiable Information Elements   STRIDE-LM
AU-11Audit Record RetentionSTRIDE-LM
CA-1Policy and ProceduresSTRIDE-LM
CA-2Control AssessmentsSTRIDE-LM
CA-5Plan of Action and MilestonesSTRIDE-LM
CA-6AuthorizationSTRIDE-LM
CA-7Continuous MonitoringSTRIDE-LM
(4)Risk MonitoringSTRIDE-LM
CM-1Policy and ProceduresSTRIDE-LM
CM-4Impact AnalysesSTRIDE-LM
IR-1Policy and ProceduresSTRIDE-LM
IR-2Incident Response TrainingSTRIDE-LM
IR-3Incident Response Testing STRIDE-LM
IR-4Incident HandlingSTRIDE-LM
IR-5Incident MonitoringSTRIDE-LM
IR-6Incident ReportingSTRIDE-LM
IR-7Incident Response AssistanceSTRIDE-LM
IR-8Incident Response PlanSTRIDE-LM
(1)Breaches   STRIDE-LM
MP-1Policy and ProceduresSTRIDE-LM
MP-6Media SanitizationSTRIDE-LM
PE-8(3)Limit Personally Identifiable Information Elements   STRIDE-LM
PL-1Policy and ProceduresSTRIDE-LM
PL-2System Security and Privacy PlansSTRIDE-LM
PL-4Rules of BehaviorSTRIDE-LM
(1)Social Media and External Site/application Usage RestrictionsSTRIDE-LM
PL-8Security and Privacy Architectures STRIDE-LM
PL-9Central Management   STRIDE-LM
PM-3Information Security and Privacy Resources   STRIDE-LM
PM-4Plan of Action and Milestones Process   STRIDE-LM
PM-5(1)Inventory of Personally Identifiable Information   STRIDE-LM
PM-6Measures of Performance   STRIDE-LM
PM-7Enterprise Architecture   STRIDE-LM
PM-8Critical Infrastructure Plan   STRIDE-LM
PM-9Risk Management Strategy   STRIDE-LM
PM-10Authorization Process   STRIDE-LM
PM-11Mission and Business Process Definition   STRIDE-LM
PM-13Security and Privacy Workforce   STRIDE-LM
PM-14Testing, Training, and Monitoring   STRIDE-LM
PM-17Protecting Controlled Unclassified Information on External Systems   STRIDE-LM
PM-18Privacy Program Plan   STRIDE-LM