SI-19: De-identification

From NIST's SP800-53:

a. Remove the following elements of personally identifiable information from datasets: [Assignment: organization-defined elements of personally identifiable information]; and b. Evaluate [Assignment: organization-defined frequency] for effectiveness of de-identification.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph