{ "$TMF_VERSION": "1.4", "PublicationDateTime": "2021-04-26T00:00:00.000Z", "Description": "Profile of requirements corresponding to NIST Special Publication 800-53 r4, Privacy Control UL-2: Information Sharing with Third Parties.", "Keywords": [ "800-53", "Information Sharing", "NIST", "Privacy", "Third Parties", "Use Limitation" ], "Issuer": { "Identifier": "https://trustmarkinitiative.org/", "PrimaryContact": { "Email": "help@trustmarkinitiative.org", "Telephone": "555-555-5555", "Kind": "PRIMARY", "WebsiteURL": "https://trustmarkinitiative.org/", "Responder": "" }, "Name": "TMI" }, "Sources": [{ "Identifier": "SP800-53R4", "Reference": "NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at http://dx.doi.org/10.6028/NIST.SP.800-53r4<\/a>.", "$id": "source-2112165102" }], "Name": "NIST SP 800-53 r4 Privacy Control UL-2: Information Sharing with Third Parties", "TrustExpression": "TD_ref1 and TD_ref2 and TD_ref3 and TD_ref4 and TD_ref5 and TD_ref6 and TD_ref7 and TD_ref8 and TD_ref9 and TD_ref10", "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-privacy-control-ul-2_-information-sharing-with-third-parties/4/", "Version": "4", "References": {"TrustmarkDefinitionRequirements": [ { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---third-party-information-sharing-use-agreements/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically describe the personally identifiable information (PII) covered and specifically enumerate the purposes for which the PII may be used.", "Number": 1, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---third-party-information-sharing-use-agreements/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically describe the personally identifiable information (PII) covered and specifically enumerate the purposes for which the PII may be used.", "Number": 1, "Version": "1.0", "Name": "Privacy - Third Party Information Sharing Use Agreements" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Third Party Information Sharing Use Agreements", "$id": "TD_ref1" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties-only-for-purposes-in-public-notices-and-privacy-act/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes identified in the U.S. Privacy Act and/or described in its notice(s) or for a purpose that is compatible with those purposes.", "Number": 2, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties-only-for-purposes-in-public-notices-and-privacy-act/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes identified in the U.S. Privacy Act and/or described in its notice(s) or for a purpose that is compatible with those purposes.", "Number": 2, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices and Privacy Act" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices and Privacy Act", "$id": "TD_ref2" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-training-on-consequences-of-unauthorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized sharing of PII.", "Number": 3, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-training-on-consequences-of-unauthorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized sharing of PII.", "Number": 3, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties - Staff Training on Consequences of Unauthorized Sharing" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties - Staff Training on Consequences of Unauthorized Sharing", "$id": "TD_ref3" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-auditing-of-authorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization audits its staff on the authorized sharing of personally identifiable information (PII) with third parties.", "Number": 4, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-auditing-of-authorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization audits its staff on the authorized sharing of personally identifiable information (PII) with third parties.", "Number": 4, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties - Staff Auditing of Authorized Sharing" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties - Staff Auditing of Authorized Sharing", "$id": "TD_ref4" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---new-instances-of-information-sharing-with-third-parties-evaluated-for-authorization/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether the sharing is authorized.", "Number": 5, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---new-instances-of-information-sharing-with-third-parties-evaluated-for-authorization/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether the sharing is authorized.", "Number": 5, "Version": "1.0", "Name": "Privacy - New Instances of Information Sharing with Third Parties Evaluated for Authorization" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - New Instances of Information Sharing with Third Parties Evaluated for Authorization", "$id": "TD_ref5" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-monitoring-of-authorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization monitors its staff on the authorized sharing of personally identifiable information (PII) with third parties.", "Number": 6, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-monitoring-of-authorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization monitors its staff on the authorized sharing of personally identifiable information (PII) with third parties.", "Number": 6, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties - Staff Monitoring of Authorized Sharing" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties - Staff Monitoring of Authorized Sharing", "$id": "TD_ref6" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-training-on-consequences-of-unauthorized-use/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized use of PII.", "Number": 7, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-training-on-consequences-of-unauthorized-use/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization trains its staff on the consequences of unauthorized use of PII.", "Number": 7, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties - Staff Training on Consequences of Unauthorized Use" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties - Staff Training on Consequences of Unauthorized Use", "$id": "TD_ref7" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-training-on-authorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization trains its staff on the authorized sharing of personally identifiable information (PII) with third parties.", "Number": 8, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties---staff-training-on-authorized-sharing/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization trains its staff on the authorized sharing of personally identifiable information (PII) with third parties.", "Number": 8, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties - Staff Training on Authorized Sharing" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties - Staff Training on Authorized Sharing", "$id": "TD_ref8" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties-only-for-purposes-in-public-notices/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes described in its notice(s) or for a purpose that is compatible with those purposes.", "Number": 9, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---information-sharing-with-third-parties-only-for-purposes-in-public-notices/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization shares personally identifiable information (PII) externally, only for the authorized purposes described in its notice(s) or for a purpose that is compatible with those purposes.", "Number": 9, "Version": "1.0", "Name": "Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - Information Sharing with Third Parties Only for Purposes In Public Notices", "$id": "TD_ref9" }, { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---new-instances-of-information-sharing-with-third-parties-evaluated-for-notice-updates/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether additional or new public notice is required.", "Number": 10, "Version": "1.0", "TrustmarkDefinitionReference": { "Identifier": "https://artifacts.trustmarkinitiative.org/lib/tds/privacy---new-instances-of-information-sharing-with-third-parties-evaluated-for-notice-updates/1.0/", "Description": "Defines conformance and assessment criteria for verifying that an organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether additional or new public notice is required.", "Number": 10, "Version": "1.0", "Name": "Privacy - New Instances of Information Sharing with Third Parties Evaluated for Notice Updates" }, "$Type": "TrustmarkDefinitionRequirement", "Name": "Privacy - New Instances of Information Sharing with Third Parties Evaluated for Notice Updates", "$id": "TD_ref10" } ]}, "Primary": "false", "LegalNotice": "This document and the information contained herein is provided on an \"AS IS\" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.", "$Type": "TrustInteroperabilityProfile" }