pia.yaml
# This work is dual-licensed under Creative Commons Zero v1.0 Universal and GNU General Public License v3.0 or later.
# The file contains example code. Replace the values with information that is pertinent to your project.
omb_ctr_nums: #OMB Control Numbers
what_is_collected: # What information is being collected?
why_is_collected: # Why is the information being collected?
intended_use: # What is the intended use of the information?
whom_shared: # With whom will the information be shared?
opt_out: # What opportunities do individuals or businesses have to decline to provide information
how_secured: # How will the information be secured?
  The _Secure Sockets Layer_ (_SSL_) is the standard technology for keeping
  an internet connection secure and safeguarding any sensitive data that is
  being sent between two systems. Transport Layer Security (TLS) is the
  successor to SSL. The TLS protocol provides privacy and data integrity
  between two or more communicating computer applications, enabling private
  and reliable communications between authenticated identities.

  The Federal Information Security Management Act of 2002 (FISMA) defined an
  information-security framework to improve computer and network security
  within the federal government. The National Institute of Standards &
  Technology (NIST), a non-regulatory agency of the U.S. Dept. of Commerce, has
  developed a set of standards and guidelines (800-series publications)
  that further define this framework.

  The _Risk Management Framework_ (_RMF_) - outlined in NIST Special
  Publication 800-37 - defines a system lifecycle approach for information
  systems and organizations. A catalog of security and privacy controls -
  defined in NIST Special Publication 800-53 - outlines the management,
  operational and technical safeguards to protect the confidentiality,
  integrity and availability of the system and its information.

  The Project implements the controls defined for low-impact systems in the Risk
  Management Framework, including the use of SSL/TLS for securing data in motion.
log_and_verify: # How will the data extract log and verify requirement be met?
privacy_act: # Is a system of records being created under the Privacy Act (5 U.S.C. 552a)?
records_control: # Are these records covered by an approved records control schedule?
systems:
  - name: The Project # System name
    ssns: 'No' # Social Security Numbers? Yes/No
    other_pii: 'Yes' # Other Personally Identifiable Information (PII)?
    bii: 'No' # Business Identifiable Information?