The organization obtains consent, where feasible and appropriate, from individuals prior to any new uses or disclosure of previously collected personally identifiable information (PII).
No STIG checks reference this CCI.