AU-3(3): Limit Personally Identifiable Information Elements
Control Family:
Parent Control:
CSF v1.1 References:
PF v1.0 References:
Baselines:
- Privacy
Control is new to this version of the control set.
Control Statement
Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: [Assignment: organization-defined elements].
Supplemental Guidance
Limiting personally identifiable information in audit records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.