Resources

NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management

The Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build beneficial products and services while protecting individuals’ privacy.

• Visit the new Privacy Framework Resource Repository to explore crosswalks, common Profiles, guidance, and tools to support implementation.
• Whether you’re new to the Framework or seeking more information about adoption, see our hypothetical use case Profiles and updated frequently asked questions.
• Check out the companion roadmap to promote collaboration to address key privacy challenges for organizations and improve future versions of the Framework.

NIST Privacy Framework (PDF)

NIST Internal Report (NISTIR) 8062: An Introduction to Privacy Engineering and Risk Management in Federal Systems

NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems.

NISTIR 8062 (PDF)

NIST Privacy Risk Assessment Methodology (PRAM)

The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.

Worksheet 1: Framing Business Objectives and Organizational Privacy Governance
Worksheet 2: Assessing System Design; Supporting Data Map
Worksheet 3: Prioritizing Risk
Worksheet 4: Selecting Controls
Catalog of Problematic Data Actions and Problems

PRAM (.ZIP)   Version: February 2019

NIST Special Publication (SP) 800-226: Guidelines for Evaluating Differential Privacy Guarantees