{
  "$TMF_VERSION": "1.4",
  "PublicationDateTime": "2021-04-26T00:00:00.000Z",
  "Description": "Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control AR-1: Governance and Privacy Program.",
  "Keywords": [
    "800-53",
    "Accountability",
    "Audit",
    "Governance",
    "NIST",
    "Privacy",
    "Privacy Program",
    "Risk Management"
  ],
  "Issuer": {
    "Identifier": "https://trustmarkinitiative.org/",
    "PrimaryContact": {
      "Email": "help@trustmarkinitiative.org",
      "Telephone": "555-555-5555",
      "Kind": "PRIMARY",
      "WebsiteURL": "https://trustmarkinitiative.org/",
      "Responder": ""
    },
    "Name": "TMI"
  },
  "Sources": [{
    "Identifier": "SP800-53R4",
    "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href=\"http://dx.doi.org/10.6028/NIST.SP.800-53r4\">http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.",
    "$id": "source-2112165102"
  }],
  "Name": "NIST SP 800-53 r4 Privacy Control AR-1: Governance and Privacy Program",
  "TrustExpression": "TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10 and TD_ref11 and TD_ref12 and TD_ref13 and TD_ref14 and TD_ref15 and TD_ref16",
  "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-ar-1_-governance-and-privacy-program/4/",
  "Version": "4",
  "References": {"TrustmarkDefinitionRequirements": [
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---organizational-privacy-plan/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.",
      "Number": 1,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---organizational-privacy-plan/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.",
        "Number": 1,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Organizational Privacy Plan"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Organizational Privacy Plan",
      "$id": "TD_ref1"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---implements-privacy-policies/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization implements operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
      "Number": 2,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---implements-privacy-policies/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization implements operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
        "Number": 2,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Implements Privacy Policies"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Implements Privacy Policies",
      "$id": "TD_ref2"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---develops-privacy-policies/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
      "Number": 3,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---develops-privacy-policies/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
        "Number": 3,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Develops Privacy Policies"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Develops Privacy Policies",
      "$id": "TD_ref3"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-procedures-update/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization updates privacy procedures at an organization-defined frequency, at least biennially.",
      "Number": 4,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-procedures-update/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization updates privacy procedures at an organization-defined frequency, at least biennially.",
        "Number": 4,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Privacy Procedures Update"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Privacy Procedures Update",
      "$id": "TD_ref4"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---disseminates-privacy-procedures/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
      "Number": 5,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---disseminates-privacy-procedures/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
        "Number": 5,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Disseminates Privacy Procedures"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Disseminates Privacy Procedures",
      "$id": "TD_ref5"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---monitoring-of-regulations-_general_/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization monitors applicable privacy laws and policy for changes that affect its privacy program.",
      "Number": 6,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---monitoring-of-regulations-_general_/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization monitors applicable privacy laws and policy for changes that affect its privacy program.",
        "Number": 6,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Monitoring of Regulations (General)"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Monitoring of Regulations (General)",
      "$id": "TD_ref6"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---monitoring-of-regulations-_federal_/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization monitors federal privacy laws and policy for changes that affect its privacy program.",
      "Number": 7,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---monitoring-of-regulations-_federal_/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization monitors federal privacy laws and policy for changes that affect its privacy program.",
        "Number": 7,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Monitoring of Regulations (Federal)"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Monitoring of Regulations (Federal)",
      "$id": "TD_ref7"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---disseminates-privacy-policies/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
      "Number": 8,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---disseminates-privacy-policies/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization disseminates operational privacy policies that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
        "Number": 8,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Disseminates Privacy Policies"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Disseminates Privacy Policies",
      "$id": "TD_ref8"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-developing-privacy-program/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.",
      "Number": 9,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-developing-privacy-program/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.",
        "Number": 9,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Senior Official Accountable for Developing Privacy Program"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Senior Official Accountable for Developing Privacy Program",
      "$id": "TD_ref9"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---develops-privacy-procedures/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
      "Number": 10,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---develops-privacy-procedures/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization develops operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
        "Number": 10,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Develops Privacy Procedures"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Develops Privacy Procedures",
      "$id": "TD_ref10"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-policy-update/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization updates privacy policies at an organization-defined frequency, at least biennially.",
      "Number": 11,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-policy-update/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization updates privacy policies at an organization-defined frequency, at least biennially.",
        "Number": 11,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Privacy Policy Update"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Privacy Policy Update",
      "$id": "TD_ref11"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-plan-updates/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization updates the strategic organizational privacy plan at an organization-defined frequency, at least biennially.",
      "Number": 12,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-plan-updates/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization updates the strategic organizational privacy plan at an organization-defined frequency, at least biennially.",
        "Number": 12,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Privacy Plan Updates"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Privacy Plan Updates",
      "$id": "TD_ref12"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---implements-privacy-procedures/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization implements operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
      "Number": 13,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---implements-privacy-procedures/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization implements operational privacy procedures that govern the appropriate privacy and security controls for programs, information systems, or technologies involving PII.",
        "Number": 13,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Implements Privacy Procedures"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Implements Privacy Procedures",
      "$id": "TD_ref13"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-maintaining-privacy-program/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.",
      "Number": 14,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-maintaining-privacy-program/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.",
        "Number": 14,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Senior Official Accountable for Maintaining Privacy Program"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Senior Official Accountable for Maintaining Privacy Program",
      "$id": "TD_ref14"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-program-resources/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program.",
      "Number": 15,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---privacy-program-resources/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization allocates sufficient budget and staffing resources to implement and operate the organization-wide privacy program.",
        "Number": 15,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Privacy Program Resources"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Privacy Program Resources",
      "$id": "TD_ref15"
    },
    {
      "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-implementing-privacy-program/1.0/",
      "Description": "Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for implementing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.",
      "Number": 16,
      "Version": "1.0",
      "TrustmarkDefinitionReference": {
        "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/governance-and-privacy-program---senior-official-accountable-for-implementing-privacy-program/1.0/",
        "Description": "Defines conformance and assessment criteria for verifying that an organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for implementing an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.",
        "Number": 16,
        "Version": "1.0",
        "Name": "Governance and Privacy Program - Senior Official Accountable for Implementing Privacy Program"
      },
      "$Type": "TrustmarkDefinitionRequirement",
      "Name": "Governance and Privacy Program - Senior Official Accountable for Implementing Privacy Program",
      "$id": "TD_ref16"
    }
  ]},
  "Primary": "false",
  "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.",
  "$Type": "TrustInteroperabilityProfile"
}