A formal document that provides an overview of an agency’s privacy program, including a description of the structure of the privacy program, the resources dedicated to the privacy program, the role of the Senior Agency Official for Privacy and other privacy officials and staff, the strategic goals and objectives of the privacy program, and the program management controls and common controls in place or planned for meeting applicable privacy requirements and managing privacy risks.
Sources:
NIST SP 800-37 Rev. 2
from
OMB Circular A-130 (2016)
NIST SP 800-53 Rev. 5
from
OMB Circular A-130 (2016)
NIST SP 800-53A Rev. 5
from
OMB Circular A-130 (2016)
NIST SP 800-53B
from
OMB Circular A-130 (2016)