PE-8(3): Limit Personally Identifiable Information Elements

Control Family:

Physical and Environmental Protection

Parent Control:

PE-8: Visitor Access Records

CSF v1.1 References:

PR.AC-2

PF v1.0 References:

CT.DP-P2

Threats Addressed:

Tampering
Information Disclosure

Baselines:

Privacy

Control is new to this version of the control set.

Control Statement

Limit personally identifiable information contained in visitor access records to the following elements identified in the privacy risk assessment: [Assignment: organization-defined elements].

Supplemental Guidance

Organizations may have requirements that specify the contents of visitor access records. Limiting personally identifiable information in visitor access records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5