NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-42(4) — Notice of Collection
Employ the following measures to facilitate an individual’s awareness that personally identifiable information is being collected by [Assignment: organization-defined sensors]: [Assignment: organization-defined measures].
Supplemental Guidance
Awareness that organizational sensors are collecting data enables individuals to more effectively engage in managing their privacy. Measures can include conventional written notices and sensor configurations that make individuals directly or indirectly aware through other devices that the sensor is collecting information. The usability and efficacy of the notice are important considerations.
Practitioner Notes
When sensors collect data about individuals, provide notice to those individuals that collection is occurring.
Example 1: Post visible signs in areas monitored by security cameras: "This area is under video surveillance for security purposes." Include contact information for questions about the surveillance program.
Example 2: When deploying employee monitoring software that captures screenshots or tracks application usage, notify employees through your acceptable use policy and have them acknowledge the monitoring in writing before enrolling their devices.