Privacy Program Plan (PM-18)


Description: In-depth, comprehensive, professionally developed Privacy Program Plan (PPP) that documents all essential subject matter for addressing organization-wide privacy risks to information (i.e., PII, PHI, CUI, etc.) that is collected, used, shared and disclosed, stored, protected, retained, and disposed of, as required by PM-18 of NIST SP 800-53, Revision 5. Note: It is highly recommended to purchase the additional supporting documents within the Program Management (PM) family to allow for complete coverage of all controls within PM-1 to PM-32.

The Privacy Program Plan includes the following sections:

  • Privacy Program Plan Overview
  • Privacy Program Foundational Principles
    • Privacy by Design Requirement
    • Fair Information Practice Principles
  • Privacy Roles and Responsibilities
  • Privacy Laws, Rules, Regulations, and Notice
    • Privacy (International and U.S.)
    • Rules and Regulations
    • Privacy Notice
    • Privacy Rights to Individuals
  • Personally Identifiable Information (PII)
    • Types of PII (PII, PHI, PIFI, etc.)
    • Authority to Process PII
    • PII Processing Purposes
    • Consent
    • Privacy Notice
    • System of Records Notice
    • Minimizing the Collection of PII
    • Handling and Transmitting PII
    • Privacy Impact Assessment (PIA) Requirements
  • Breach Prevention and Incident Response
    • Reporting Breaches
    • Breach Response Plan
    • Breach Reporting
    • Core Response Group
    • Incident Response Personnel
  • Awareness and Training
    • Foundational Training
    • Advanced Privacy Training
    • Role-Based Training
    • Rules of Behavior and Accountability
    • New Employee Orientation Training
  • Continuous Monitoring
  • Contractors and Third Parties

Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.

Control Family: Program Management (PM).

Control Mapping: PM-18.

Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).

Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.

Format: MS Word document (.docx).

Length: 22 pages.
