Removed references to PM-33 #778

Closed
wants to merge 1 commit into from
Expand Up @@ -8273,100 +8273,6 @@
"prose": "Continuous monitoring at the organization level facilitates ongoing awareness of the security and privacy posture across the organization to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and monitor their controls and risks at a frequency sufficient to support risk-based decisions. Different types of controls may require different monitoring frequencies. The results of continuous monitoring guide and inform risk response actions by organizations. Continuous monitoring programs allow organizations to maintain the authorizations of systems and common controls in highly dynamic environments of operation with changing mission and business needs, threats, vulnerabilities, and technologies. Having access to security- and privacy-related information on a continuing basis through reports and dashboards gives organizational officials the capability to make effective and timely risk management decisions, including ongoing authorization decisions. Monitoring requirements, including the need for specific monitoring, may be referenced in other controls and control enhancements, for example, AC-2g, AC-2(7), AC-2(12)(a), AC-2(7)(b), AC-2(7)(c), AC-17(1), AT-4a, AU-13, AU-13(1), AU-13(2), CA-7, CM-3f, CM-6d, CM-11c, IR-5, MA-2b, MA-3a, MA-4a, PE-3d, PE-6, PE-14b, PE-16, PE-20, PM-6, PM-23, PS-7e, SA-9c, SC-5(3)(b), SC-7a, SC-7(24)(b), SC-18c, SC-43b, SI-4."
}
]
},
{
"id": "pm-33",
"class": "SP800-53",
"title": "Privacy Policies on Websites, Applications, and Digital Services",
"properties": [
{
"name": "label",
"value": "PM-33"
},
{
"name": "sort-id",
"value": "PM-33"
}
],
"links": [
{
"href": "#a646d45d-775f-4887-86d3-5a00ffbc4090",
"rel": "reference",
"text": "[OMB A-130]"
},
{
"href": "#pm-19",
"rel": "related",
"text": "PM-19"
},
{
"href": "#pm-20",
"rel": "related",
"text": "PM-20"
},
{
"href": "#pt-6",
"rel": "related",
"text": "PT-6"
},
{
"href": "#pt-7",
"rel": "related",
"text": "PT-7"
},
{
"href": "#ra-8",
"rel": "related",
"text": "RA-8"
}
],
"parts": [
{
"id": "pm-33_smt",
"name": "statement",
"prose": "Develop and post privacy policies on all external-facing websites, mobile applications, and other digital services, that:",
"parts": [
{
"id": "pm-33_smt.a",
"name": "item",
"properties": [
{
"name": "label",
"value": "a."
}
],
"prose": "Are written in plain language and organized in a way that is easy to understand and navigate;"
},
{
"id": "pm-33_smt.b",
"name": "item",
"properties": [
{
"name": "label",
"value": "b."
}
],
"prose": "Provide useful information that the public would need to make an informed decision about whether and how to interact with the organization; and"
},
{
"id": "pm-33_smt.c",
"name": "item",
"properties": [
{
"name": "label",
"value": "c."
}
],
"prose": "Are updated whenever the organization makes a substantive change to the practices it describes and includes a time/date stamp to inform the public of the date of the most recent changes."
}
]
},
{
"id": "pm-33_gdn",
"name": "guidance",
"prose": "Organizations post privacy policies on all external-facing websites, mobile applications, and other digital services. Organizations should post a link to the relevant privacy policy on any known, major entry points to the website, application, or digital service. In addition, organizations should provide a link to the privacy policy on any webpage that collects personally identifiable information."
}
]
}
]
},
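Review bot: possible dangling links: the deleted `pm-33` object lists `#pm-19`, `#pm-20`, `#pt-6`, `#pt-7` and `#ra-8` as `"rel": "related"`, and no hunk in this change touches those five controls, so any reciprocal link from them back to `#pm-33` would now point at an id that no longer exists. Please search the catalog for `#pm-33` and remove the remaining back-links in the same commit, and confirm that the `[OMB A-130]` resource `#a646d45d-775f-4887-86d3-5a00ffbc4090` is still referenced by another control.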
@@ -1 +1 @@
{"profile":{"uuid":"fcd0e29e-74e3-4f59-9834-f72a98fa2519","metadata":{"title":"SP800-53 PRIVACY BASELINE","last-modified":"2020-08-26T16:28:37.032-04:00","version":"FPD","oscal-version":"1.0.0-milestone3","roles":[{"id":"creator","title":"Document Creator"},{"id":"contact","title":"Contact"}],"parties":[{"uuid":"d8bc8fc4-0f2e-4bfd-983f-e2ec9dc64696","type":"organization","party-name":"Joint Task Force, Transformation Initiative","addresses":[{"postal-address":["National Institute of Standards and Technology","Attn: Computer Security Division","Information Technology Laboratory","100 Bureau Drive (Mail Stop 8930)"],"city":"Gaithersburg","state":"MD","postal-code":"20899-8930"}],"email-addresses":["[email protected]"]}],"responsible-parties":{"creator":{"party-uuids":["d8bc8fc4-0f2e-4bfd-983f-e2ec9dc64696"]},"contact":{"party-uuids":["d8bc8fc4-0f2e-4bfd-983f-e2ec9dc64696"]}}},"imports":[{"href":"NIST_SP-800-53_rev5-FPD_catalog.xml","include":{"id-selectors":[{"control-id":"ac-1"},{"control-id":"ac-3.14"},{"control-id":"at-1"},{"control-id":"at-2"},{"control-id":"at-2.5"},{"control-id":"at-3"},{"control-id":"at-3.5"},{"control-id":"at-4"},{"control-id":"au-1"},{"control-id":"au-2"},{"control-id":"au-11"},{"control-id":"ca-1"},{"control-id":"ca-2"},{"control-id":"ca-5"},{"control-id":"ca-6"},{"control-id":"ca-7"},{"control-id":"ca-7.4"},{"control-id":"cm-1"},{"control-id":"cm-4"},{"control-id":"ir-1"},{"control-id":"ir-3"},{"control-id":"ir-4"},{"control-id":"ir-6"},{"control-id":"ir-7"},{"control-id":"ir-8"},{"control-id":"ir-8.1"},{"control-id":"mp-1"},{"control-id":"mp-6"},{"control-id":"pl-1"},{"control-id":"pl-2"},{"control-id":"pl-4"},{"control-id":"pl-4.1"},{"control-id":"pl-8"},{"control-id":"pl-9"},{"control-id":"pm-3"},{"control-id":"pm-4"},{"control-id":"pm-5.1"},{"control-id":"pm-6"},{"control-id":"pm-7"},{"control-id":"pm-8"},{"control-id":"pm-9"},{"control-id":"pm-10"},{"control-id":"pm-11"},{"control-id":"pm-13"},{"control-id":"pm-14"},{"control-id":"pm-1
8"},{"control-id":"pm-19"},{"control-id":"pm-20"},{"control-id":"pm-21"},{"control-id":"pm-22"},{"control-id":"pm-24"},{"control-id":"pm-25"},{"control-id":"pm-26"},{"control-id":"pm-27"},{"control-id":"pm-31"},{"control-id":"pm-33"},{"control-id":"pt-1"},{"control-id":"pt-2"},{"control-id":"pt-3"},{"control-id":"pt-4"},{"control-id":"pt-5"},{"control-id":"pt-6"},{"control-id":"pt-6.2"},{"control-id":"pt-7"},{"control-id":"pt-7.1"},{"control-id":"pt-7.2"},{"control-id":"pt-8"},{"control-id":"pt-8.1"},{"control-id":"pt-8.2"},{"control-id":"pt-9"},{"control-id":"ra-1"},{"control-id":"ra-3"},{"control-id":"ra-7"},{"control-id":"ra-8"},{"control-id":"sa-1"},{"control-id":"sa-4"},{"control-id":"sa-9"},{"control-id":"sa-11"},{"control-id":"si-1"},{"control-id":"si-12"},{"control-id":"si-12.1"},{"control-id":"si-12.2"},{"control-id":"si-12.3"},{"control-id":"si-18"},{"control-id":"si-18.4"},{"control-id":"si-19"}]}}],"merge":{"as-is":true}}}
{"profile":{"uuid":"fcd0e29e-74e3-4f59-9834-f72a98fa2519","metadata":{"title":"SP800-53 PRIVACY BASELINE","last-modified":"2020-08-26T16:28:37.032-04:00","version":"FPD","oscal-version":"1.0.0-milestone3","roles":[{"id":"creator","title":"Document Creator"},{"id":"contact","title":"Contact"}],"parties":[{"uuid":"d8bc8fc4-0f2e-4bfd-983f-e2ec9dc64696","type":"organization","party-name":"Joint Task Force, Transformation Initiative","addresses":[{"postal-address":["National Institute of Standards and Technology","Attn: Computer Security Division","Information Technology Laboratory","100 Bureau Drive (Mail Stop 8930)"],"city":"Gaithersburg","state":"MD","postal-code":"20899-8930"}],"email-addresses":["[email protected]"]}],"responsible-parties":{"creator":{"party-uuids":["d8bc8fc4-0f2e-4bfd-983f-e2ec9dc64696"]},"contact":{"party-uuids":["d8bc8fc4-0f2e-4bfd-983f-e2ec9dc64696"]}}},"imports":[{"href":"NIST_SP-800-53_rev5-FPD_catalog.xml","include":{"id-selectors":[{"control-id":"ac-1"},{"control-id":"ac-3.14"},{"control-id":"at-1"},{"control-id":"at-2"},{"control-id":"at-2.5"},{"control-id":"at-3"},{"control-id":"at-3.5"},{"control-id":"at-4"},{"control-id":"au-1"},{"control-id":"au-2"},{"control-id":"au-11"},{"control-id":"ca-1"},{"control-id":"ca-2"},{"control-id":"ca-5"},{"control-id":"ca-6"},{"control-id":"ca-7"},{"control-id":"ca-7.4"},{"control-id":"cm-1"},{"control-id":"cm-4"},{"control-id":"ir-1"},{"control-id":"ir-3"},{"control-id":"ir-4"},{"control-id":"ir-6"},{"control-id":"ir-7"},{"control-id":"ir-8"},{"control-id":"ir-8.1"},{"control-id":"mp-1"},{"control-id":"mp-6"},{"control-id":"pl-1"},{"control-id":"pl-2"},{"control-id":"pl-4"},{"control-id":"pl-4.1"},{"control-id":"pl-8"},{"control-id":"pl-9"},{"control-id":"pm-3"},{"control-id":"pm-4"},{"control-id":"pm-5.1"},{"control-id":"pm-6"},{"control-id":"pm-7"},{"control-id":"pm-8"},{"control-id":"pm-9"},{"control-id":"pm-10"},{"control-id":"pm-11"},{"control-id":"pm-13"},{"control-id":"pm-14"},{"control-id":"pm-1
8"},{"control-id":"pm-19"},{"control-id":"pm-20"},{"control-id":"pm-21"},{"control-id":"pm-22"},{"control-id":"pm-24"},{"control-id":"pm-25"},{"control-id":"pm-26"},{"control-id":"pm-27"},{"control-id":"pm-31"},{"control-id":"pt-1"},{"control-id":"pt-2"},{"control-id":"pt-3"},{"control-id":"pt-4"},{"control-id":"pt-5"},{"control-id":"pt-6"},{"control-id":"pt-6.2"},{"control-id":"pt-7"},{"control-id":"pt-7.1"},{"control-id":"pt-7.2"},{"control-id":"pt-8"},{"control-id":"pt-8.1"},{"control-id":"pt-8.2"},{"control-id":"pt-9"},{"control-id":"ra-1"},{"control-id":"ra-3"},{"control-id":"ra-7"},{"control-id":"ra-8"},{"control-id":"sa-1"},{"control-id":"sa-4"},{"control-id":"sa-9"},{"control-id":"sa-11"},{"control-id":"si-1"},{"control-id":"si-12"},{"control-id":"si-12.1"},{"control-id":"si-12.2"},{"control-id":"si-12.3"},{"control-id":"si-18"},{"control-id":"si-18.4"},{"control-id":"si-19"}]}}],"merge":{"as-is":true}}}
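Review bot: missing metadata update in the one-line profile: the new line drops `{"control-id":"pm-33"}` from `id-selectors` but keeps `"last-modified":"2020-08-26T16:28:37.032-04:00"` identical to the old line, so a consumer that keys on the timestamp cannot tell that the baseline changed. Suggest updating `last-modified` here and in the other serializations of this profile.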
Expand Up @@ -222,9 +222,6 @@
{
"control-id": "pm-31"
},
{
"control-id": "pm-33"
},
{
"control-id": "pt-1"
},
Expand Up @@ -2553,35 +2553,6 @@ Organizations notify individuals or their designated representatives when their
<p>Continuous monitoring at the organization level facilitates ongoing awareness of the security and privacy posture across the organization to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and monitor their controls and risks at a frequency sufficient to support risk-based decisions. Different types of controls may require different monitoring frequencies. The results of continuous monitoring guide and inform risk response actions by organizations. Continuous monitoring programs allow organizations to maintain the authorizations of systems and common controls in highly dynamic environments of operation with changing mission and business needs, threats, vulnerabilities, and technologies. Having access to security- and privacy-related information on a continuing basis through reports and dashboards gives organizational officials the capability to make effective and timely risk management decisions, including ongoing authorization decisions. Monitoring requirements, including the need for specific monitoring, may be referenced in other controls and control enhancements, for example, AC-2g, AC-2(7), AC-2(12)(a), AC-2(7)(b), AC-2(7)(c), AC-17(1), AT-4a, AU-13, AU-13(1), AU-13(2), CA-7, CM-3f, CM-6d, CM-11c, IR-5, MA-2b, MA-3a, MA-4a, PE-3d, PE-6, PE-14b, PE-16, PE-20, PM-6, PM-23, PS-7e, SA-9c, SC-5(3)(b), SC-7a, SC-7(24)(b), SC-18c, SC-43b, SI-4.</p>
</part>
</control>
<control class="SP800-53" id="pm-33">
<title>Privacy Policies on Websites, Applications, and Digital Services</title>
<prop name="label">PM-33</prop>
<prop name="sort-id">PM-33</prop>
<link rel="reference" href="#a646d45d-775f-4887-86d3-5a00ffbc4090">[OMB A-130]</link>
<link rel="related" href="#pm-19">PM-19</link>
<link rel="related" href="#pm-20">PM-20</link>
<link rel="related" href="#pt-6">PT-6</link>
<link rel="related" href="#pt-7">PT-7</link>
<link rel="related" href="#ra-8">RA-8</link>
<part name="statement" id="pm-33_smt">
<p>Develop and post privacy policies on all external-facing websites, mobile applications, and other digital services, that:</p>
<part name="item" id="pm-33_smt.a">
<prop name="label">a.</prop>
<p>Are written in plain language and organized in a way that is easy to understand and navigate;</p>
</part>
<part name="item" id="pm-33_smt.b">
<prop name="label">b.</prop>
<p>Provide useful information that the public would need to make an informed decision about whether and how to interact with the organization; and</p>
</part>
<part name="item" id="pm-33_smt.c">
<prop name="label">c.</prop>
<p>Are updated whenever the organization makes a substantive change to the practices it describes and includes a time/date stamp to inform the public of the date of the most recent changes.</p>
</part>
</part>
<part name="guidance" id="pm-33_gdn">
<p>Organizations post privacy policies on all external-facing websites, mobile applications, and other digital services. Organizations should post a link to the relevant privacy policy on any known, major entry points to the website, application, or digital service. In addition, organizations should provide a link to the privacy policy on any webpage that collects personally identifiable information.</p>
</part>
</control>
</group>
<group class="family" id="pt">
<title>Personally Identifiable Information Processing and Transparency</title>
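Review bot: documentation mismatch: the title says references to PM-33 were removed, but the lines from `<control class="SP800-53" id="pm-33">` through its closing `</control>` delete the control definition itself, statement items a. to c. and guidance included. Please say so in the commit message and give the reason the control is dropped, so the catalog history explains why the definition disappeared and not only the baseline entries that call it.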
Expand Up @@ -89,7 +89,6 @@
<call control-id="pm-26"/>
<call control-id="pm-27"/>
<call control-id="pm-31"/>
<call control-id="pm-33"/>
<call control-id="pt-1"/>
<call control-id="pt-2"/>
<call control-id="pt-3"/>
Expand Up @@ -6303,76 +6303,6 @@ catalog:
id: pm-31_gdn
name: guidance
prose: Continuous monitoring at the organization level facilitates ongoing awareness of the security and privacy posture across the organization to support organizational risk management decisions. The terms continuous and ongoing imply that organizations assess and monitor their controls and risks at a frequency sufficient to support risk-based decisions. Different types of controls may require different monitoring frequencies. The results of continuous monitoring guide and inform risk response actions by organizations. Continuous monitoring programs allow organizations to maintain the authorizations of systems and common controls in highly dynamic environments of operation with changing mission and business needs, threats, vulnerabilities, and technologies. Having access to security- and privacy-related information on a continuing basis through reports and dashboards gives organizational officials the capability to make effective and timely risk management decisions, including ongoing authorization decisions. Monitoring requirements, including the need for specific monitoring, may be referenced in other controls and control enhancements, for example, AC-2g, AC-2(7), AC-2(12)(a), AC-2(7)(b), AC-2(7)(c), AC-17(1), AT-4a, AU-13, AU-13(1), AU-13(2), CA-7, CM-3f, CM-6d, CM-11c, IR-5, MA-2b, MA-3a, MA-4a, PE-3d, PE-6, PE-14b, PE-16, PE-20, PM-6, PM-23, PS-7e, SA-9c, SC-5(3)(b), SC-7a, SC-7(24)(b), SC-18c, SC-43b, SI-4.
-
id: pm-33
class: SP800-53
title: Privacy Policies on Websites, Applications, and Digital Services
properties:
-
name: label
value: PM-33
-
name: sort-id
value: PM-33
links:
-
href: #a646d45d-775f-4887-86d3-5a00ffbc4090
rel: reference
text: [OMB A-130]
-
href: #pm-19
rel: related
text: PM-19
-
href: #pm-20
rel: related
text: PM-20
-
href: #pt-6
rel: related
text: PT-6
-
href: #pt-7
rel: related
text: PT-7
-
href: #ra-8
rel: related
text: RA-8
parts:
-
id: pm-33_smt
name: statement
prose: Develop and post privacy policies on all external-facing websites, mobile applications, and other digital services, that:
parts:
-
id: pm-33_smt.a
name: item
properties:
-
name: label
value: a.
prose: Are written in plain language and organized in a way that is easy to understand and navigate;
-
id: pm-33_smt.b
name: item
properties:
-
name: label
value: b.
prose: Provide useful information that the public would need to make an informed decision about whether and how to interact with the organization; and
-
id: pm-33_smt.c
name: item
properties:
-
name: label
value: c.
prose: Are updated whenever the organization makes a substantive change to the practices it describes and includes a time/date stamp to inform the public of the date of the most recent changes.
-
id: pm-33_gdn
name: guidance
prose: Organizations post privacy policies on all external-facing websites, mobile applications, and other digital services. Organizations should post a link to the relevant privacy policy on any known, major entry points to the website, application, or digital service. In addition, organizations should provide a link to the privacy policy on any webpage that collects personally identifiable information.
-
id: pt
class: family
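Review bot: please state whether this YAML block, removed from `id: pm-33` through the `pm-33_gdn` guidance, was regenerated from the XML catalog or edited by hand. The same control is deleted from three serializations in this change, and separate hand edits are how the copies drift apart; if a converter produces the JSON and YAML files, rerunning it and noting that in the description would make the three hunks verifiable against each other.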
Expand Up @@ -144,8 +144,6 @@ profile:
control-id: pm-27
-
control-id: pm-31
-
control-id: pm-33
-
control-id: pt-1
-