CM.AW-P2: Mechanisms for obtaining feedback from individuals (e.g., surveys or focus groups) about data processing and associated privacy risks are established and in place
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
PM-15: Security and Privacy Groups and Associations
Establish and institutionalize contact with selected groups and associations within the security and privacy communities: to facilitate ongoing security and privacy education and training for organizational personnel; to maintain currency with recommended security and privacy practices, techniques, and technologies; and to share current security and privacy information, including threats, vulnerabilities, and incidents.
PM-20: Dissemination of Privacy Program Information
Maintain a central resource webpage on the organization’s principal public website that serves as a central source of information about the organization’s privacy program and that: ensures that the public has access to information about organizational privacy activities and can communicate with its senior agency official for privacy; ensures that organizational privacy practices and reports…
PM-26: Complaint Management
Implement a process for receiving and responding to complaints, concerns, or questions from individuals about the organizational security and privacy practices that includes: mechanisms that are easy to use and readily accessible by the public; all information necessary for successfully filing complaints; tracking mechanisms to ensure all complaints received are reviewed and addressed within [Assignment:…
NIST Special Publication 800-53 Revision 4
PM-15: Contacts With Security Groups And Associations
The organization establishes and institutionalizes contact with selected groups and associations within the security community: to facilitate ongoing security education and training for organizational personnel; to maintain currency with recommended security practices, techniques, and technologies; and to share current security-related information, including threats, vulnerabilities, and incidents.