STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← All Controls

DM-1

Data Minimization and RetentionRev 4

Minimization of Personally Identifiable Information

CCI Identifiers (9)

CCI-003486The organization identifies the minimum personally identifiable information (PII) elements that are relevant and necessary to accomplish the legally authorized purpose of collection.CCI-003487The organization limits the collection and retention of personally identifiable information (PII) to the minimum elements identified for the purposes described in the published privacy notice.CCI-003488The organization limits the collection and retention of personally identifiable information (PII) to the minimum elements identified for the purposes which the individual has provided consent.CCI-003489The organization defines the frequency, minimally annually, for conducting reviews of its personally identifiable information (PII) holdings.CCI-003490The organization conducts an initial evaluation of personally identifiable information (PII) holdings.CCI-003491The organization establishes a schedule for regularly reviewing the personally identifiable information (PII) holdings on an organization-defined frequency to ensure that only PII identified in the notice is collected and retained.CCI-003492The organization follows a schedule for regularly reviewing the personally identifiable information (PII) holdings on an organization-defined frequency to ensure that only PII identified in the notice is collected and retained.CCI-003493The organization establishes a schedule for regularly reviewing the personally identifiable information (PII) holdings on an organization-defined frequency to ensure the PII continues to be necessary to accomplish the legally authorized purpose.CCI-003494The organization follows a schedule for regularly reviewing the personally identifiable information (PII) holdings on an organization-defined frequency to ensure the PII continues to be necessary to accomplish the legally authorized purpose.

Linked STIG Checks (0)

No STIG checks reference this control.