SA-15(12) Minimize Personally Identifiable Information
Require the developer of the system or system component to minimize the use of personally identifiable information in development and test environments.
Organizations can minimize the risk to an individual’s privacy by using techniques such as de-identification or synthetic data. Limiting the use of personally identifiable information in development and test environments helps reduce the level of privacy risk created by a system.
Related controls 3
- PM-25 Minimization of Personally Identifiable Information Used in Testing, Training, and Research L M H P
- SA-03 System Development Life Cycle L M H P
- SA-08 Security and Privacy Engineering Principles L M H P