The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1. 0, has been available for four years. Since then, a lot of businesses have discovered how invaluable it is for developing or enhancing their privacy programs. In order to support its implementation, we’ve also been able to add a number of resources.
1.1.1 NIST Privacy Framework
The time has come to update to Version 1.1 of the Privacy Framework, a “living” tool designed to adapt to stakeholder needs. To make it easier to combine the two frameworks, the initial version was based on the CSF. By making the necessary adjustments based on CSF 2.0 changes, we hope to keep the connection going. Stakeholders have also had a few years to use the Privacy Framework and have identified areas for specific improvement. In order to support realignment with CSF 2.0, make it easier and more effective to use, and make sure the tool is up to date with privacy risk management requirements, we plan to implement a modest update to the Privacy Framework this year.
Data Governance Profile for Joint NIST Frameworks
We acknowledge the need for more assistance in combining the NIST frameworks and resources, as was already mentioned. After speaking with stakeholders, we came to the conclusion that many organizations looking to maximize the advantages of data processing while balancing privacy, cybersecurity, AI, and IoT risks should start with data governance. Then it dawned on everyone that using NIST frameworks and resources in concert could be effectively demonstrated by creating a joint Profile for data governance. This profile may appear as a flowchart or as an intersection of different NIST Framework Subcategories. Since many of the same stakeholders will be involved, we intend to use the Privacy Framework 1.1 update process to create the Profile. In the end, we need to know your thoughts on this concept and how this resource ought to appear.
Steps after that
Through the numerous opportunities to participate that are listed in this important timeline, we hope that you will contribute your knowledge to these endeavors:
Stay Current
We will add specific dates to the development schedule on our New Projects webpage as our planning progresses. We intend to align all three workstreams where possible because the update to the Privacy Framework and the creation of the Data Governance Profile coincide with the completion of our Privacy Workforce Taxonomy.
Through a variety of channels, information on each stage of this process will be made available:
- Send an email to privacyframework+subscribe]at ] list to sign up for our Privacy Framework email listserv as a starting point. nist. gov ( privacyframework+subscribe]at ] list]dot ] nist ] dot [gov]
- Website: To act as the central repository for all pertinent data and events related to the Privacy Framework update process and the creation of Data Governance Profiles, we will have a dedicated webpage on the main website.
- Follow NIST Cyber on Facebook and LinkedIn if you prefer to receive updates via social media.
- Finally, you can always get in touch with us at privacyframework]at ] nist with any questions or comments. gov ( privacyframework]at ] nist]dot]gov
Working with you this year is something we look forwardto! Please get in touch with us at privacyframework]at ] nist to share your thoughts on these new initiatives and how we should go about implementing them. gov ( privacyframework]at]nist]dot]gov