| TIP: NIST SP 800-53 r4 Privacy Control AR-1: Governance and Privacy Program

NIST SP 800-53 r4 Privacy Control AR-1: Governance and Privacy Program, v4

Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control AR-1: Governance and Privacy Program.

Identifier

https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-ar-1_-governance-and-privacy-program/4/

Publication Date

2021-04-26

Issuing Organization

Trustmark Initiative (https://trustmarkinitiative.org/) View Contact

Trustmark Support

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

800-53, Accountability, Audit, Governance, NIST, Privacy, Privacy Program, Risk Management

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10 and TD_ref11 and TD_ref12 and TD_ref13 and TD_ref14 and TD_ref15 and TD_ref16

References (16)

TD Governance and Privacy Program - Organizational Privacy Plan, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.
ID	TD_ref1
Provider Reference

TD Governance and Privacy Program - Implements Privacy Policies, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization implements operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
ID	TD_ref2
Provider Reference

TD Governance and Privacy Program - Develops Privacy Policies, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization develops operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
ID	TD_ref3
Provider Reference

TD Governance and Privacy Program - Privacy Procedures Update, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization updates privacy procedures organization-defined frequency, at least biennially.
ID	TD_ref4
Provider Reference

TD Governance and Privacy Program - Disseminates Privacy Procedures, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
ID	TD_ref5
Provider Reference

TD Governance and Privacy Program - Monitoring of Regulations (General), v1.0
Description	Defines conformance and assessment criteria for verifying that an organization monitors applicable privacy laws and policy for changes that affect its privacy program.
ID	TD_ref6
Provider Reference

TD Governance and Privacy Program - Monitoring of Regulations (Federal), v1.0
Description	Defines conformance and assessment criteria for verifying that an organization monitors federal privacy laws and policy for changes that affect its privacy program.
ID	TD_ref7
Provider Reference

TD Governance and Privacy Program - Disseminates Privacy Policies, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
ID	TD_ref8
Provider Reference

TD Governance and Privacy Program - Senior Official Accountable for Developing Privacy Program, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
ID	TD_ref9
Provider Reference

TD Governance and Privacy Program - Develops Privacy Procedures, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
ID	TD_ref10
Provider Reference

TD Governance and Privacy Program - Privacy Policy Update, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization updates privacy policies organization-defined frequency, at least biennially.
ID	TD_ref11
Provider Reference

TD Governance and Privacy Program - Privacy Plan Updates, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization updates the strategic organizational privacy plan at an organization-defined frequency, at least biennially.
ID	TD_ref12
Provider Reference

TD Governance and Privacy Program - Implements Privacy Procedures, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization implements operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.
ID	TD_ref13
Provider Reference

TD Governance and Privacy Program - Senior Official Accountable for Maintaining Privacy Program, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
ID	TD_ref14
Provider Reference

TD Governance and Privacy Program - Privacy Program Resources, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program.
ID	TD_ref15
Provider Reference

TD Governance and Privacy Program - Senior Official Accountable for Implementing Privacy Program, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for implementing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
ID	TD_ref16
Provider Reference

Sources (1)

SP800-53R4	NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Also available as XML or JSON