The organization's privacy risk management process assesses the privacy risk to individuals resulting from the collection of personally identifiable information (PII).
No STIG checks reference this CCI.