PT-7(1) - Specific Categories of Personally Identifiable Information | Social Security Numbers

When a system processes Social Security numbers: (a) Eliminate unnecessary collection, maintenance, and use of Social Security numbers, and explore alternatives to their use as a personal identifier; (b) Do not deny any individual any right, benefit, or privilege provided by law because of such individual’s refusal to disclose his or her Social Security number; and (c) Inform any individual who is asked to disclose his or her Social Security number whether that disclosure is mandatory or voluntary, by what statutory or other authority such number is solicited, and what uses will be made of it.


Informational References

ISO 27001

ID: PT-7(1)
Enhancement of : PT-7

Countermeasures Covered by Control

ID Name Description D3FEND

Space Threats Tagged by Control

ID Description

Sample Requirements

Requirement Rationale/Additional Guidance/Notes

Related SPARTA Techniques and Sub-Techniques

ID Name Description