← Back to catalog
SA-8(33)

Minimization

System and Services Acquisition (SA)
Baselines
Low · Not includedModerate · Not includedHigh · Not included
Description

Implement the privacy principle of minimization using [assignment].

Discussion

The principle of minimization states that organizations should only process personally identifiable information that is directly relevant and necessary to accomplish an authorized purpose and should only maintain personally identifiable information for as long as is necessary to accomplish the purpose. Organizations have processes in place, consistent with applicable laws and policies, to implement the principle of minimization.

Implementation guidance

No content available.

CSF 2.0 crosswalk

No CSF mappings exist for this control.