Conduct privacy impact assessments for systems, programs, or other activities before developing or procuring information technology that processes personally identifiable information.
No STIG checks reference this CCI.