SEA-09.1 ยท Limit Personal Data (PD) Dissemination

Control Description

Mechanisms exist to limit the dissemination of Personal Data (PD) to organization-defined elements identified in the Data Protection Impact Assessment (DPIA) and consistent with authorized purposes.

Control Question
Assessment question for control validation

Does the organization limit the dissemination of Personal Data (PD) to organization-defined elements identified in the Data Protection Impact Assessment (DPIA) and consistent with authorized purposes?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical