DCH-18.2 ยท Limit Sensitive / Regulated Data In Testing, Training & Research

Control Description

Mechanisms exist to minimize the use of sensitive/regulated data for research, testing, or training, in accordance with authorized, legitimate business practices.

Control Question
Assessment question for control validation

Does the organization minimize the use of Personal Data (PD) for research, testing, or training, in accordance with the Data Protection Impact Assessment (DPIA)?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: DCH-18.2
AI Model: DCH-18.2