
PM-27

Program Management · Rev 5 · organization

Privacy Reporting

Baselines: Privacy

Control Statement

a. Develop [Assignment: privacy reports] and disseminate to:
   1. [Assignment: oversight bodies] to demonstrate accountability with statutory, regulatory, and policy privacy mandates; and
   2. [Assignment: officials] and other personnel with responsibility for monitoring privacy program compliance; and
b. Review and update privacy reports [Assignment: frequency].

Supplemental Guidance

Through internal and external reporting, organizations promote accountability and transparency in organizational privacy operations. Reporting can also help organizations to determine progress in meeting privacy compliance requirements and privacy controls, compare performance across the federal government, discover vulnerabilities, identify gaps in policy and implementation, and identify models for success. For federal agencies, privacy reports include annual senior agency official for privacy reports to OMB, reports to Congress required by Implementing Regulations of the 9/11 Commission Act, and other public reports required by law, regulation, or policy, including internal policies of organizations. The senior agency official for privacy consults with legal counsel, where appropriate, to ensure that organizations meet all applicable privacy reporting requirements.

Related Controls (2)

IR-9, PM-19

CCI Identifiers (8)

CCI-004446: Develop organization-defined privacy reports.
CCI-004447: Defines the privacy reports that are to be developed.
CCI-004448: Disseminate privacy reports to organization-defined oversight bodies to demonstrate accountability with statutory, regulatory, and policy privacy program mandates.
CCI-004451: Defines the officials responsible for monitoring privacy program compliance.
CCI-004449: Develop privacy reports for organization-defined officials and other personnel with responsibility for monitoring privacy program progress and compliance.
CCI-004450: Disseminate privacy reports for organization-defined officials and other personnel with responsibility for monitoring privacy program compliance.
CCI-004452: Review and update privacy reports on an organization-defined frequency.
CCI-004453: Defines the frequency of which the privacy reports are reviewed and updated.

Linked STIG Checks (0)

No STIG checks reference this control.