| TIP: NIST SP 800-53 r4 Privacy Control UL-2: Information Sharing with Third Parties

NIST SP 800-53 r4 Privacy Control UL-2: Information Sharing with Third Parties, v4

Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control UL-2: Information Sharing with Third Parties.

Identifier

https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-ul-2_-information-sharing-with-third-parties/4/

Publication Date

2021-04-26

Issuing Organization

TMI (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

800-53, Information Sharing, NIST, Privacy, Third Parties, Use Limitation

Legal Notice

This document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Tree View
Details View

Trust Expression:

TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10

References (10)

TD Privacy - Third Party Information Sharing Use Agreements, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically describe the personally identifiable information (PII) covered and specifically enumerate the purposes for which the PII may be used.
ID	TD_ref1
Provider Reference

TD Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices and Privacy Act, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes identified in the U.S. Privacy Act and/or described in its notice(s) or for a purpose that is compatible with those purposes.
ID	TD_ref2
Provider Reference

TD Privacy - Information Sharing with Third Parties - Staff Training on Consequences of Unauthorized Sharing, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized sharing of PII.
ID	TD_ref3
Provider Reference

TD Privacy - Information Sharing with Third Parties - Staff Auditing of Authorized Sharing, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization audits its staff on the authorized sharing of personally identifiable information (PII) with third parties.
ID	TD_ref4
Provider Reference

TD Privacy - New Instances of Information Sharing with Third Parties Evaluated for Authorization, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether the sharing is authorized.
ID	TD_ref5
Provider Reference

TD Privacy - Information Sharing with Third Parties - Staff Monitoring of Authorized Sharing, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization monitors its staff on the authorized sharing of personally identifiable information (PII) with third parties.
ID	TD_ref6
Provider Reference

TD Privacy - Information Sharing with Third Parties - Staff Training on Consequences of Unauthorized Use, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized use of PII.
ID	TD_ref7
Provider Reference

TD Privacy - Information Sharing with Third Parties - Staff Training on Authorized Sharing, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization trains its staff on the authorized sharing of personally identifiable information (PII) with third parties.
ID	TD_ref8
Provider Reference

TD Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes described in its notice(s) or for a purpose that is compatible with those purposes.
ID	TD_ref9
Provider Reference

TD Privacy - New Instances of Information Sharing with Third Parties Evaluated for Notice Updates, v1.0
Description	Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether additional or new public notice is required.
ID	TD_ref10
Provider Reference

Sources (1)

SP800-53R4	NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4.

Also available as XML or JSON