STIGhub
STIGs
RMF Controls
Compare
← All Controls
UL-2
Use Limitation
Rev 4
Information Sharing with Third Parties
CCI Identifiers (9)
CCI-003589
The organization shares personally identifiable information (PII) externally, only for the authorized purposes identified in the Privacy Act and/or described in its notice(s) or for a purpose that is compatible with those purposes.
CCI-003590
The organization, where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically describe the personally identifiable information (PII) covered.
CCI-003591
The organization, where appropriate, enters into Memoranda of Understanding, Memoranda of Agreement, Letters of Intent, Computer Matching Agreements, or similar agreements, with third parties that specifically enumerate the purposes for which the personally identifiable information (PII) may be used.
CCI-003593
The organization audits its staff on the authorized sharing of personally identifiable information (PII) with third parties.
CCI-003594
The organization trains its staff on the authorized sharing of personally identifiable information (PII) with third parties.
CCI-003595
The organization trains its staff on the consequences of unauthorized use or sharing of personally identifiable information (PII).
CCI-003596
The organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether the sharing is authorized.
CCI-003597
The organization evaluates any proposed new instances of sharing personally identifiable information (PII) with third parties to assess whether additional or new public notice is required.
CCI-003592
The organization monitors its staff on the authorized sharing of personally identifiable information (PII) with third parties.
Linked STIG Checks (0)
No STIG checks reference this control.