SA-15(12) Minimize Personally Identifiable Information
Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.
Baselines
- L Not selected
- M Not selected
- H Not selected
- P Not selected
Guidance
Organizations can minimize the risk to an individual’s privacy by using techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information in development and test environments helps reduce the level of privacy risk created by a system.
Related controls 3
- PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research L M H P
- SA-03 System Development Life Cycle L M H P
- SA-08 Security and Privacy Engineering Principles L M H P