Privacy Guidelines and Resources
The resources below include the privacy guidelines we apply in our work as well as links to projects and additional resources.
Overview
The NCCoE identifies challenges and demonstrates how to apply standards and technologies to address them.
Examples of the NIST privacy guidelines we work with regularly include:
- The NIST Privacy Risk Assessment Methodology (PRAM) and companion Catalogue of Problematic Data Actions and Problems to identify and assess potential privacy problems that could impact individuals.
- The NIST Privacy Framework and NIST Special Publication (SP) 800-53 to align the capabilities in our example solutions with outcomes in the NIST Privacy Framework Core and controls in the NIST SP 800-53 control catalog.
- The NIST Privacy Framework to demonstrate how organizations can manage risk by creating Privacy Framework Profiles and prioritizing outcomes in the Privacy Framework Core.
We also work with additional privacy resources that fit the scope of each project.
NCCoE Privacy Guidelines
Below are the NCCoE Practice Guides that include privacy risk management discussions.
- Data Confidentiality: Detect, Respond to, and Recover from Data Breaches
  Identifying methods to efficiently detect, respond, and recover from data confidentiality attacks
  Finalized Guidance
- Data Confidentiality: Identifying and Protecting Assets Against Data Breaches
  Exploring methods to effectively identify and protect assets against data confidentiality attacks
  Finalized Guidance
- Mobile Device Security: Bring Your Own Device
  Provides a clear and repeatable security and privacy-enhanced reference example solution architecture for organizations that allow personally owned mobile devices to access their organizational data
  Finalized Guidance
- Mobile Device Security: Corporate-Owned Personally-Enabled
  Clear and repeatable reference mobile architecture in which strong data confidentiality is implemented using certified technologies.
  Finalized Guidance
- Securing Telehealth Remote Patient Monitoring Ecosystem
  Ensuring that the infrastructure supporting remote patient monitoring capabilities can maintain the confidentiality of patient data
  Finalized Guidance
NCCoE Community Profiles
The NIST Privacy Framework can be used to create Community Profiles. Below are NCCoE Community Profiles that address privacy.
- Cybersecurity and Privacy of Genomic Data
  The advent of low-cost genomic sequencing technologies has ushered in an era where it is now possible to sequence and analyze an entire genome quickly and affordably. The vast amounts of genomic data collected have helped fuel our nation’s economic and...
  Reviewing Comments
- Data Governance and Management (DGM) Profile
  The DGM Profile seeks to address data governance and management challenges and offer a means to effectively demonstrate complementary use of NIST frameworks and resources.
  Defining Scope
NIST Privacy Resources
- NIST Privacy Engineering Program
- NIST Privacy Framework
- NIST Privacy Risk Assessment Methodology
- Catalogue of Problematic Data Actions and Problems
- NIST Privacy Workforce Public Working Group (PWWG)
NCCoE Privacy in the News
- IAPP - The Privacy Advisor