SA-15(12)—Minimize Personally Identifiable Information
>Control Description
Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.
>Supplemental Guidance
Organizations can minimize the risk to an individual’s privacy by using techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information in development and test environments helps reduce the level of privacy risk created by a system.