Include the privacy functional requirements, explicitly or by reference, using standardized contract language; and/or organization-defined contract language in the acquisition contract for the information system, system component, or information system service.
No STIG checks reference this CCI.