STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

AR-1

Accountability, Audit, and Risk Management (Rev 4)

Governance and Privacy Program

CCI Identifiers (17)

  • CCI-003397: The organization appoints a Senior Agency Official for Privacy (SAOP)/Chief Privacy Officer (CPO) accountable for developing, implementing, and maintaining an organization-wide governance and privacy program to ensure compliance with all applicable laws and regulations regarding the collection, use, maintenance, sharing, and disposal of personally identifiable information (PII) by programs and information systems.
  • CCI-003401: The organization monitors federal privacy laws and policy for changes that affect the privacy program.
  • CCI-003402: The organization defines the allocation of budget resources sufficient to implement and operate the organization-wide privacy program.
  • CCI-003403: The organization defines the allocation of staffing resources sufficient to implement and operate the organization-wide privacy program.
  • CCI-003404: The organization allocates sufficient organization-defined budget resources to implement and operate the organization-wide privacy program.
  • CCI-003405: The organization allocates sufficient organization-defined staffing resources to implement and operate the organization-wide privacy program.
  • CCI-003406: The organization develops a strategic organizational privacy plan for implementing applicable privacy controls, policies, and procedures.
  • CCI-003407: The organization develops operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
  • CCI-003408: The organization disseminates operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
  • CCI-003409: The organization implements operational privacy policies which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
  • CCI-003410: The organization develops operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
  • CCI-003411: The organization disseminates operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
  • CCI-003412: The organization implements operational privacy procedures which govern the appropriate privacy and security controls for programs, information systems, or technologies involving personally identifiable information (PII).
  • CCI-003413: The organization defines the frequency, minimally biennially, on which the privacy plan, policies, and procedures are to be updated.
  • CCI-003414: The organization updates the privacy plan per organization-defined frequency.
  • CCI-003415: The organization updates the privacy policies per organization-defined frequency.
  • CCI-003416: The organization updates the privacy procedures per organization-defined frequency.

Linked STIG Checks (0)

No STIG checks reference this control.