| Function | Category | Subcategory |
|---|---|---|
| Control-P (CT-P) | CT.DM-P: Data Processing Management | CT.DM-P6: Data are transmitted using standardized formats |
| Control-P (CT-P) | CT.DM-P: Data Processing Management | CT.DM-P7: Mechanisms for transmitting processing permissions and related data values with data elements are established and in place |
| Control-P (CT-P) | CT.DM-P: Data Processing Management | CT.DM-P8: Audit/log records are determined, documented, implemented, and reviewed in accordance with policy and incorporating the principle of data minimization |
| Control-P (CT-P) | CT.DM-P: Data Processing Management | CT.DM-P9: Technical measures implemented to manage data processing are tested and assessed |
| Control-P (CT-P) | CT.DM-P: Data Processing Management | CT.DM-P10: Stakeholder privacy preferences are included in algorithmic design objectives and outputs are evaluated against these preferences |
| Control-P (CT-P) | CT.DP-P: Disassociated Processing | CT.DP-P1: Data are processed to limit observability and linkability (e.g., data actions take place on local devices, privacy-preserving cryptography) |
| Control-P (CT-P) | CT.DP-P: Disassociated Processing | CT.DP-P2: Data are processed to limit the identification of individuals (e.g., de-identification privacy techniques, tokenization) |
| Control-P (CT-P) | CT.DP-P: Disassociated Processing | CT.DP-P3: Data are processed to limit the formulation of inferences about individuals' behavior or activities (e.g., data processing is decentralized, distributed architectures) |
| Control-P (CT-P) | CT.DP-P: Disassociated Processing | CT.DP-P4: System or device configurations permit selective collection or disclosure of data elements |
| Control-P (CT-P) | CT.DP-P: Disassociated Processing | CT.DP-P5: Attribute references are substituted for attribute values |
| Communicate-P (CM-P) | CM.PO-P: Communication Policies, Processes, and Procedures | CM.PO-P1: Transparency policies, processes, and procedures for communicating data processing purposes, practices, and associated privacy risks are established and in place |
| Communicate-P (CM-P) | CM.PO-P: Communication Policies, Processes, and Procedures | CM.PO-P2: Roles and responsibilities (e.g., public relations) for communicating data processing purposes, practices, and associated privacy risks are established |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P1: Mechanisms (e.g., notices, internal or public reports) for communicating data processing purposes, practices, associated privacy risks, and options for enabling individuals' data processing preferences and requests are established and in place |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P2: Mechanisms for obtaining feedback from individuals (e.g., surveys or focus groups) about data processing and associated privacy risks are established and in place |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P3: System/product/service design enables data processing visibility |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P4: Records of data disclosures and sharing are maintained and can be accessed for review or transmission/disclosure |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P5: Data corrections or deletions can be communicated to individuals or organizations (e.g., data sources) in the data processing ecosystem |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P6: Data provenance and lineage are maintained and can be accessed for review or transmission/disclosure |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P7: Impacted individuals and organizations are notified about a privacy breach or event |
| Communicate-P (CM-P) | CM.AW-P: Data Processing Awareness | CM.AW-P8: Individuals are provided with mitigation mechanisms (e.g., credit monitoring, consent withdrawal, data alteration or deletion) to address impacts of problematic data actions |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P1: A baseline configuration of information technology is created and maintained incorporating security principles (e.g., concept of least functionality) |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P2: Configuration change control processes are established and in place |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P3: Backups of information are conducted, maintained, and tested |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P4: Policy and regulations regarding the physical operating environment for organizational assets are met |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P5: Protection processes are improved |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P6: Effectiveness of protection technologies is shared |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P7: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are established, in place, and managed |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P8: Response and recovery plans are tested |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P9: Privacy procedures are included in human resources practices (e.g., deprovisioning, personnel screening) |
| Protect-P (PR-P) | PR.PO-P: Data Protection Policies, Processes, and Procedures | PR.PO-P10: A vulnerability management plan is developed and implemented |
| Protect-P (PR-P) | PR.AC-P: Identity Management, Authentication, and Access Control | PR.AC-P1: Identities and credentials are issued, managed, verified, revoked, and audited for authorized individuals, processes, and devices |
| Protect-P (PR-P) | PR.AC-P: Identity Management, Authentication, and Access Control | PR.AC-P2: Physical access to data and devices is managed |
| Protect-P (PR-P) | PR.AC-P: Identity Management, Authentication, and Access Control | PR.AC-P3: Remote access is managed |
| Protect-P (PR-P) | PR.AC-P: Identity Management, Authentication, and Access Control | PR.AC-P4: Access permissions and authorizations are managed, incorporating the principles of least privilege and separation of duties |
| Protect-P (PR-P) | PR.AC-P: Identity Management, Authentication, and Access Control | PR.AC-P5: Network integrity is protected (e.g., network segregation, network segmentation) |
| Protect-P (PR-P) | PR.AC-P: Identity Management, Authentication, and Access Control | PR.AC-P6: Individuals and devices are proofed and bound to credentials, and authenticated commensurate with the risk of the transaction (e.g., individuals' security and privacy risks and other organizational risks) |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P1: Data-at-rest are protected |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P2: Data-in-transit are protected |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P3: Systems/products/services and associated data are formally managed throughout removal, transfers, and disposition |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P4: Adequate capacity to ensure availability is maintained |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P5: Protections against data leaks are implemented |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P6: Integrity checking mechanisms are used to verify software, firmware, and information integrity |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P7: The development and testing environment(s) are separate from the production environment |
| Protect-P (PR-P) | PR.DS-P: Data Security | PR.DS-P8: Integrity checking mechanisms are used to verify hardware integrity |
| Protect-P (PR-P) | PR.MA-P: Maintenance | PR.MA-P1: Maintenance and repair of organizational assets are performed and logged, with approved and controlled tools |
| Protect-P (PR-P) | PR.MA-P: Maintenance | PR.MA-P2: Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access |
| Protect-P (PR-P) | PR.PT-P: Protective Technology | PR.PT-P1: Removable media is protected and its use restricted according to policy |
| Protect-P (PR-P) | PR.PT-P: Protective Technology | PR.PT-P2: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities |
| Protect-P (PR-P) | PR.PT-P: Protective Technology | PR.PT-P3: Communications and control networks are protected |
| Protect-P (PR-P) | PR.PT-P: Protective Technology | PR.PT-P4: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations |