Privacy Guidelines and Resources
The resources below include the privacy guidelines we apply in our work as well as links to projects and additional resources.
Overview
The NCCoE identifies challenges and demonstrates how to apply standards and technologies to address them.
Examples of the NIST privacy guidelines we work with regularly include:
- The NIST Privacy Risk Assessment Methodology (PRAM) and companion Catalogue of Problematic Data Actions and Problems to identify and assess potential privacy problems that could impact individuals.
- The NIST Privacy Framework and NIST Special Publication (SP) 800-53 to align the capabilities in our example solutions with outcomes in the NIST Privacy Framework Core and controls in the NIST SP 800-53 control catalog.
- The NIST Privacy Framework to demonstrate how organizations can manage risk by creating Privacy Framework Profiles and prioritizing outcomes in the Privacy Framework Core.
We also work with additional privacy resources that fit the scope of each project.
NCCoE Privacy Guidelines
Below are the NCCoE Practice Guides that include privacy risk management discussions.
- Digital Identities - mDL
  Digital identity is becoming ubiquitous. To address that, we aim to define and facilitate reference architectures for digital identities that protect privacy, are implemented in a secure way, enable equity, are widely adoptable, and are easy to use.
  Status: Reviewing Comments
- Data Confidentiality: Detect, Respond to, and Recover from Data Breaches
  Identifying methods to efficiently detect, respond to, and recover from data confidentiality attacks.
  Status: Finalized
- Data Confidentiality: Identifying and Protecting Assets Against Data Breaches
  Exploring methods to effectively identify and protect assets against data confidentiality attacks.
  Status: Finalized
- Mobile Device Security: Bring Your Own Device
  Provides a clear and repeatable security and privacy-enhanced reference example solution architecture for organizations that allow personally owned mobile devices to access their organizational data.
  Status: Finalized
- Mobile Device Security: Corporate-Owned Personally-Enabled
  Clear and repeatable reference mobile architecture in which strong data confidentiality is implemented using certified technologies.
  Status: Finalized
- Securing Telehealth Remote Patient Monitoring Ecosystem
  Ensuring that the infrastructure supporting remote patient monitoring capabilities can maintain the confidentiality of patient data.
  Status: Finalized
NCCoE Community Profiles
The NIST Privacy Framework can be used to create Community Profiles. Below are NCCoE Community Profiles that address privacy.
- Cybersecurity and Privacy of Genomic Data
  The Cybersecurity and Privacy of Genomic Data project offers guidelines and resources for enabling secure technology adoption.
  Status: Reviewing Comments
NIST Privacy Resources
- NIST Privacy Engineering Program
- NIST Privacy Framework
- NIST Privacy Risk Assessment Methodology
- Catalogue of Problematic Data Actions and Problems
- NIST Privacy Workforce Public Working Group (PWWG)
NCCoE Privacy in the News
- IAPP - The Privacy Advisor