SA-15(12) Minimize Personally Identifiable Information
Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.
Baselines
- L
- M
- H
- P
Guidance
Organizations can minimize the risk to an individual’s privacy by using techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information in development and test environments helps reduce the level of privacy risk created by a system.
Related controls 3
- PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research L M H P
- SA-03 System Development Life Cycle L M H P
- SA-08 Security and Privacy Engineering Principles L M H P