The organization's privacy risk management process assesses the privacy risk to individuals resulting from the disposal of personally identifiable information (PII).
No STIG checks reference this CCI.