NIST Releases Security and Privacy Controls for Federal Information Systems and Organizations

David Stegon
Bio
David Stegon Former staff reporter - FedScoop & StateScoop

David Stegon was a staff reporter for FedScoop and StateScoop from 2011-2014.


...

NIST released a new guide proposing new privacy controls for federal information systems and organizations. The new document, Privacy Control Catalog, will become an appendix of Security Controls for Federal Information Systems and Organizations (NIST Special Publication 800-53).

"Strong normalized privacy controls are an essential component in the ongoing effort to build measurable privacy compliance," said NIST Senior Internet Policy Advisor Ari Schwartz. "Certainty in controls and measures can help promote privacy, trust and greater confidence in new standards."

The appendix:

  • Provides a structured set of privacy controls, based on international standards and best practices, that help organizations enforce requirements deriving from federal privacy legislation, policies, regulations, directives, standards and guidance;
  • Establishes a linkage and relationship between privacy and security controls for purposes of enforcing respective privacy and security requirements, which may overlap in concept and in implementation within federal information systems and organizations;
  • Demonstrates the applicability of the NIST Risk Management Framework in the selection, implementation, assessment and monitoring of privacy controls deployed in federal information systems and organizations; and
  • Promotes closer cooperation between privacy and security officials within the federal government to help achieve the objectives of senior leaders/executives in enforcing the requirements in federal privacy legislation, policies, regulations, directives, standards and guidance.
Security and Privacy Controls for Federal Information Systems and Organizations

-In this Story-

Tech, Cybersecurity, NIST

Join the Conversation

events