PT

RMF Control PT-3: Personally Identifiable Information Processing Purposes requires organizations to identify and document the purpose(s) for processing personally identifiable information (PII), describe the purpose(s) in the public privacy notices and policies of the organization, restrict the processing of PII to only that which is compatible with the identified purpose(s), and monitor changes in processing …

RMF Control PT-5: Privacy Notice requires organizations to provide individuals with notice of the personally identifiable information (PII) that is collected, used, disclosed, and retained, and how to exercise their privacy rights. Supplemental Guidance The Risk Management Framework (RMF) is a cybersecurity framework that provides a process for managing cybersecurity risk to systems and organizations. …