NIST 800-53 Rev. 5

AC
AT
AU
CA
CM
CP
IA
IR
MA
MP
PE
PL
PM
PS
PT
RA
SA
SC
SI
SR
PE-1
PE-2
PE-2(1)
PE-2(2)
PE-2(3)
PE-3
PE-3(1)
PE-3(2)
PE-3(3)
PE-3(4)
PE-3(5)
PE-10(1)
PE-3(7)
PE-3(8)
PE-4
PE-5
PE-13(3)
PE-5(2)
PE-18(1)
PE-6
PE-6(1)
PE-6(2)
PE-6(3)
PE-6(4)
PE-3(6)
PE-8
PE-8(1)
PE-5(1)
PE-8(3)
PE-9
PE-9(1)
PE-9(2)
PE-10
PE-5(3)
PE-11
PE-11(1)
PE-11(2)
PE-12
PE-12(1)
PE-13
PE-13(1)
PE-13(2)
PE-7
PE-13(4)
PE-14
PE-14(1)
PE-14(2)
PE-15
PE-15(1)
PE-16
PE-17
PE-18
PE-8(2)
PE-19
PE-19(1)
PE-20
PE-21
PE-22
PE-23

PE-8(3): Visitor Access Records | Limit Personally Identifiable Information Elements

Control Text:

Limit personally identifiable information contained in visitor access records to the following elements identified in the privacy risk assessment: [Assignment: organization-defined elements].

Organizations may have requirements that specify the contents of visitor access records. Limiting personally identifiable information in visitor access records when such information is not needed for operational purposes helps reduce the level of privacy risk created by a system.

Related Controls