AU-3(3): Limit Personally Identifiable Information Elements
CSF v1.1 References:
PF v1.0 References:
Control is new to this version of the control set.
Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: [Assignment: organization-defined elements].
Limiting personally identifiable information in audit records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.