Credit: N. Hanacek/NIST
How can society benefit from the use of personal data while also protecting individual privacy? Five years after debuting guidelines that can help organizations balance these goals, the National Institute of Standards and Technology (NIST) has drafted a new version of the NIST Privacy Framework intended to address current privacy risk management needs, maintain alignment with NIST’s recently updated Cybersecurity Framework, and improve usability.
The draft release, NIST Privacy Framework 1.1 Initial Public Draft, is broadly intended to help organizations manage the privacy risks that arise from personal data flowing through complex information technology systems. Failure to manage these risks effectively can directly affect individuals and society, potentially damaging organizations’ brands, bottom lines and prospects for growth.
Changes to the Privacy Framework (PFW) are needed in part because of its relationship to the widely used NIST Cybersecurity Framework (CSF), which received an update of its own in February 2024. Privacy risk is closely related to, and often overlaps with, cybersecurity risk. Because of this, the two frameworks have the same high-level structure to make them easy to use together.
One element shared by both frameworks is the “Core,” an increasingly granular set of activities and outcomes that can help organizations discuss risk management. The PFW 1.1 Public Draft Core is realigned with the CSF 2.0 Core in many places, making life easier on users.
“This is a modest but s ..
Support the originator by clicking the read the rest link below.
