← Back to catalog
AU-3(3)

Limit Personally Identifiable Information Elements

Audit and Accountability (AU)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Limit personally identifiable information contained in audit records to the following elements identified in the privacy risk assessment: [assignment].

Discussion

Limiting personally identifiable information in audit records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.