Require the developer of the system, system component, or system service to document the potential privacy impacts of approved changes to the system, component, or service.
No STIG checks reference this CCI.