The National Institute of Standards and Technology (NIST) developed a Cybersecurity Framework in 2014 to assist private firms with evaluations of their security guidelines and to help them recognize, avoid, and respond to cyberattacks. Statistics from Gartner indicate that 30% of organizations have used the Cybersecurity Framework and all U.S. government agencies are required to use the Framework.
NIST is currently preparing a new Framework. Rather than helping companies improve security, the new Framework will tackle data privacy and help companies protect the privacy of their workers and customers. The NIST Privacy Framework will be made available to enterprises, but adoption is not mandatory.
The tool will help enterprises identify and implement flexible privacy protection solutions and assess their current privacy protections. The objective of the Framework is to help companies utilize innovative technologies such as IoT and AI without accidentally violating the privacy of their employees and customers. If companies adopt this Privacy Framework, it will help them successfully control privacy risks.
Applying the Cybersecurity Framework and adhering to cybersecurity best practices helps companies lessen the risk of security breaches. However, even if the Cybersecurity Framework is applied, privacy risks can still be introduced when companies collect, retain, use, and disclose data to fulfill their mission or business goals.
To produce the new Framework, NIST will collaborate with different markets, academic institutions, standard-setting agencies, federal institutions, regional, state, tribal, and foreign governments, and privately owned firms, gathering their feedback and advice on how best to protect privacy.
The first stage is to obtain feedback on the proposed Framework at a public workshop in Austin, Texas on October 16, at the same time as the annual conference of the International Association of Privacy Professionals.