← Back to catalog
SA-15(12)

Minimize Personally Identifiable Information

System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.

Discussion

Organizations can minimize the risk to an individual’s privacy by using techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information in development and test environments helps reduce the level of privacy risk created by a system.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.