Washington, 25 January 2024
Celebrating Data Privacy Week, the U.S. National Institute of Standards and Technology (NIST) updates its Privacy Framework to Version 1.1. The NIST Privacy Framework: A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0 was modeled after the NIST Cybersecurity Framework (CSF) so that the two frameworks could be used together more easily. This year, NIST will implement a modest update to Privacy Framework 1.1 to support realignment with the CSF 2.0 update and respond to our stakeholders’ current privacy risk management needs.
NIST will also develop a joint NIST frameworks Data Governance Profile. Stakeholders have expressed a desire for more support in using NIST frameworks and resources together. Data governance is the starting point for many organizations seeking the benefits of data while managing privacy, cybersecurity, AI, and IoT risks. A Data Governance Profile offers a means to effectively demonstrate complementary use of NIST resources.
Learn more about this upcoming work in our recent blog post!
In addition to these exciting upcoming projects, NIST has released several new resources:
- The second post in our privacy-preserving federated learning blog series, Privacy Attacks in Federated Learning.
- New crosswalks including the California Consumer Privacy Act (CCPA) Regulations Crosswalk and the American Institute of Certified Public Accountants (AICPA) 2017 Trust Services Criteria Crosswalk, which can be found on our Privacy Framework Resource Repository page.
- A Malay translation of the NIST Privacy Framework.
- New risk assessment tool, Privado Scan, in our Privacy Engineering Collaboration Space.
For more information on Privacy Framework 1.1 and the Data Governance Profile, please visit our webpage. If you have any questions or feedback, please contact us at any time at privacyframework@nist.gov.
Source – U.S. NIST