MON-03.5 ยท Limit Personal Data (PD) In Audit Records

Control Description

Mechanisms exist to limit Personal Data (PD) contained in audit records to the elements identified in the Data Privacy Risk Assessment (DPRA).

Control Question
Assessment question for control validation

Does the organization limit Personal Data (PD) contained in audit records to the elements identified in the Data Privacy Risk Assessment (DPRA)?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Detect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical