SA-15(12): Minimize Personally Identifiable Information

Control Family:

System and Services Acquisition

Parent Control:

SA-15: Development Process, Standards, and Tools

CSF v1.1 References:

ID.SC-2

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.

Supplemental Guidance

Organizations can minimize the risk to an individual's privacy by using techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information in development and test environments helps reduce the level of privacy risk created by a system.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5