← Back to catalog
SA-8(33)
Minimization
System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description
Implement the privacy principle of minimization using [assignment].
Discussion
The principle of minimization states that organizations should only process personally identifiable information that is directly relevant and necessary to accomplish an authorized purpose and should only maintain personally identifiable information for as long as is necessary to accomplish the purpose. Organizations have processes in place, consistent with applicable laws and policies, to implement the principle of minimization.
Implementation guidance
No content available.
CSF 2.0 crosswalk
No CSF mappings exist for this control.