>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

PE-8(3)Visitor Access Records | Limit Personally Identifiable Information Elements

IL5
IL6

>Control Description

Limit personally identifiable information contained in visitor access records to the following elements identified in the privacy risk assessment: organization-defined elements.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

Organizations may have requirements that specify the contents of visitor access records. Limiting personally identifiable information in visitor access records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.

>Related Controls

RA-3
SA-8

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern the implementation of limit personally identifiable information elements for the organization's facilities?
  • Who is responsible for overseeing and maintaining limit personally identifiable information elements controls?
  • How frequently are limit personally identifiable information elements controls reviewed and updated?
  • What process exists for granting exceptions to limit personally identifiable information elements requirements?
  • How does the organization ensure accountability for limit personally identifiable information elements across all facility locations?

Technical Implementation:

  • What technologies or systems technically implement limit personally identifiable information elements?
  • How are these systems configured to meet the control requirements?
  • What monitoring or alerting capabilities exist for limit personally identifiable information elements?
  • How do limit personally identifiable information elements systems integrate with other physical security infrastructure?
  • What redundancy or backup mechanisms support limit personally identifiable information elements?

Evidence & Documentation:

  • Provide documented policies and procedures for limit personally identifiable information elements.
  • Provide evidence of limit personally identifiable information elements implementation and configuration.
  • Provide logs, records, or reports demonstrating limit personally identifiable information elements activities over the past 90 days.
  • Provide testing, maintenance, or inspection records for limit personally identifiable information elements from the past year.
  • Provide evidence of limit personally identifiable information elements reviews, audits, or assessments.

Ask AI

Configure your API key to use AI features.