A requirement that applies to an information system or an organization that is derived from applicable laws, executive orders, directives, policies, standards, regulations, procedures, and/or mission/business needs with respect to privacy. Note: The term privacy requirement can be used in a variety of contexts from high-level policy activites to low-level implementation activities in system development and engineering disciplines.
Sources:
NIST SP 800-37 Rev. 2
A specification for system/product/service functionality to meet stakeholders’ desired privacy outcomes.
Sources:
NIST Privacy Framework Version 1.0
under Privacy Requirement