• Skip to main content
  • Skip to footer
  • About
    • Board of Directors
    • Advisory Board
    • Code of Ethics
    • Privacy Commitment
    • Fellowship Awards
    • Media
  • Get Involved
    • Membership
      • Advancing the Profession
      • Member Benefits
      • Why Join the PACC
      • Member Contact Update
    • Speak Out
    • Volunteer
    • Donate
      • Donor Bill of Rights
  • Certification
    • Apply for Certification
    • Recertification
    • Why Pursue Certification?
    • Certificate or Certification?
    • Accreditation
  • Resources
    • Strategic Privacy and Access Resource Center
      • Parents & Teachers
      • Standards
      • SPARC Contribution Guidelines
    • International Data Flows
    • Commissioners
    • Careers
    • Publications
    • Training & Education
  • News & Views
    • Guest Post Guidelines
  • Contact
    • Speaking Invitations & Media Requests
    • Stay Informed & Avoid Spam
    • Partner
  • Login

The Privacy and Access Council of Canada

The voice for privacy and access

You are here: Home / Resources / National Institute of Standards and Technology (NIST)

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the US Department of Commerce. Congress established the agency to help improve US industrial competitiveness. From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology.

The NIST Information Technology Laboratory (ITL) engages in privacy-related research through its Information Technology Laboratory and its Privacy Engineering program. Other privacy-related research is integrated in other NIST programs, including cryptography, trusted identities, usability, and information assurance.

Which NIST guidance is most relevant to privacy?

NIST provides standards and guidelines to Federal agencies for various purposes including supporting agencies’ ability to meet their regulatory obligations and governing policy. The following guidance might be of particular interest to those managing privacy programs:

  • NIST Internal Report (NISTIR) 8053 De-Identification of Personal Information (Oct. 22, 2015)
  • NISTIR 8062 (draft) Privacy Risk Management for Federal Information Systems (May 2015)
  • NIST Special Publication (SP) 800-53, Revision 4 Security and Privacy Controls for Federal Information Systems and Organizations (Apr. 30, 2013)
  • NIST SP 800-53A, Revision 4 Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans (Dec. 18, 2014)
  • NIST SP 800-66, Revision 1 An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Oct. 1, 2008)
  • NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) (2010)
  • NIST SP 800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (Jan. 14, 2016)

Which NIST guidance is specific to privacy risk management?

In support of OMB Circular A-130, NIST is working to augment existing NIST guidance on the Risk Management Framework (RMF) to specifically address privacy risk management.

In the short-term, privacy programs may want to review the following Special Publications for RMF standards and guidelines:

  • NIST SP 800-18 Guide for Developing Security Plans for Federal Information Systems (Feb. 2006)
  • NIST SP 800-30 Guide for Conducting Risk Assessments (Sept. 2012)
  • NIST SP 800-18 Guide for Applying the Risk Management Framework to Federal Information Systems (Feb. 2010)
  • NIST SP 800-39 Managing Information Security Risk—Organization, Mission, and Information System View (Mar. 2011)
  • NIST SP 800-60: Volume I Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008)
  • NIST SP 800-60: Volume II Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008)

 

Footer

PACC is the voice for privacy and access.

PACC is Independent  •  Non-profit  •  Non-partisan  •  Non-government

PACC is dedicated to the development and promotion of the access-to-information, information privacy, and data governance profession across the private, non-profit and public sectors.

PACC is the certifying body for access and privacy professionals, and engages in outreach efforts to advance awareness about access, privacy, and data protection.

Recent Posts

  • Facial Recognition Cameras Here to Stay as Country’s Court System Entrenches Video Surveillance
  • IPC consultation on five-year strategic priorities under way
  • Info watchdog raps Privy Council Office for terminating access requests from public
  • A year to forget that’s worth remembering
  • BC Increases Routine Disclosure

© 2021 · Privacy and Access Council of Canada · Maintained by SLIcore Design.

We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkNoPrivacy policy