SC-7(24) - Boundary Protection | Personally Identifiable Information

For systems that process personally identifiable information: (a) Apply the following processing rules to data elements of personally identifiable information: [Assignment: organization-defined processing rules]; (b) Monitor for permitted processing at the external interfaces to the system and at key internal boundaries within the system; (c) Document each processing exception; and (d) Review and remove exceptions that are no longer supported.

Informational References

ISO 27001

ID: SC-7(24)
Enhancement of : SC-7

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements


Related SPARTA Techniques and Sub-Techniques

ID Name Description