Description: NIST RMF program document detailing the requirements relating to a Privacy Impact Assessment (PIA) as described in RA-6 of NIST SP 800-53, Revision 5. The PIA includes the following sections:
SECTION I - GENERAL INFORMATION
SECTION II - PII IN THE SYSTEM
SECTION III - ATTRIBUTES OF THE DATA (USE AND ACCURACY)
SECTION IV - SHARING PRACTICES
SECTION V - NOTICE TO INDIVIDUALS TO DECLINE/CONSENT USE
SECTION VI - ACCESS TO DATA
SECTION VII - PRIVACY ANALYSIS
Specifications:Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.
Control Family: Risk Assessment (RA).
Security Control Baseline Coverage:Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).
Direct Compliance Use:FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.