A requirement that applies to an information system or an organization that is derived from applicable laws, executive orders, directives, policies, standards, regulations, procedures, and/or mission/business needs with respect to privacy. Note: The term privacy requirement can be used in a variety of contexts from high-level policy activites to low-level implementation activities in system development and engineering disciplines.

Source: NIST SP 800-37 Rev. 2 | Category: