NIST Emphasizes Individual Privacy in Draft Cybersecurity Document
Individual privacy, specifically protection for personally identifiable information, is emphasized in the National Institute of Standards and Technology’s updated draft cybersecurity Risk Management Framework (RMF). The update integrates the RMF with NIST’s Cybersecurity Framework. It “provides cross-references so that organizations using the RMF can see where and how the CSF aligns with the current steps in the RMF,” NIST Computer Scientist Ron Ross said. “Conversely, if you’re using the CSF, you can bring in the RMF and give your organization a robust methodology to manage security and privacy risks.”