NIST Privacy Framework Updated to Incorporate Latest Cybersecurity Guidelines
The National Institute of Standards and Technology (NIST) has issued a draft update to its Privacy Framework to incorporate the latest cybersecurity guidelines and practices. The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management is a voluntary tool that provides a set of strategies for organizations to adopt to improve their approach to protecting personal data. First released in January 2020, the framework is modeled on and developed to complement the NIST Cybersecurity Framework. While organizations can adopt the NIST CSF to improve their security posture, adopting the NIST CSF will not necessarily address all privacy risks.
The NIST Privacy Framework is divided into three sections: Core, Profiles, and Implementation Tiers. Core specifies privacy protection activities, Profiles can be used to determine which Core activities should be pursued to achieve privacy goals most effectively, and the Implementation Tiers section can be used to optimize the resources for managing privacy risks. It has now been five years since the Privacy Framework was first released, and an update was due to improve usability, ensure the framework addresses current privacy risks, and maintain alignment with the recently updated NIST CSF.
While the Privacy Framework can be used on its own without adopting the NIST CSF, both share the same high-level structure, so they can be easily used together to manage both privacy and cybersecurity risks. The Core activities of the NIST Privacy Framework version 1.1 align with the Core activities of the NIST CSF 2.0, which was released in February 2024, with notable changes to the Govern and Protect Functions to align more closely with the CSF 2.0.
Version 1.1 has also been updated to cover the privacy risks associated with AI and chatbot tools that were not widely available when the Privacy Framework was first released. Other notable changes include the relocation of the use guidelines from Section 3 to the web. The online material has been structured as an interactive FAQ page to improve usability and help find answers more quickly. By changing to a web-based version, it will allow NIST to make timely updates in the future in response to user needs.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
NIST is encouraging the public to review the draft update and submit feedback. Comments will be accepted on the draft version until June 13, 2025, and after considering the feedback, NIST anticipates releasing a final version of the updated framework later this year.
