Privacy Impact Assessment (PIA) Program (RA-8)

Description: NIST RMF program document detailing the requirements relating to a Privacy Impact Assessment (PIA) as described in RA-6 of NIST SP 800-53, Revision 5. The PIA includes the following sections:

• SECTION I - GENERAL INFORMATION
• SECTION II - PII IN THE SYSTEM
• SECTION III - ATTRIBUTES OF THE DATA (USE AND ACCURACY)
• SECTION IV - SHARING PRACTICES
• SECTION V - NOTICE TO INDIVIDUALS TO DECLINE/CONSENT USE
• SECTION VI - ACCESS TO DATA
• SECTION VII - PRIVACY ANALYSIS

Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.

Control Family: Risk Assessment (RA).

Control Mapping: RA-8.

Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).

Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.

Format: MS Word document (.docx).

Length: 19 pages.