The organization defines the frequency on which it will update the inventory that contains a listing of all programs and information systems identified as collecting, using, maintaining, or sharing personally identifiable information (PII).
No STIG checks reference this CCI.