The National Institute of Standards and Technology (NIST) recently published the Privacy Framework, which helps organizations prioritize privacy risks and outcomes and achieve privacy goals, regardless of business size, sector, or industry.
While organizations may have adopted the NIST Cybersecurity Framework (CSF), this does not mean they have adequately addressed privacy risk. The NIST Privacy Framework bridges this gap, using the same structure as the CSF, making it easy for companies to align the two. Together, they create a holistic enterprise risk management tool for organizations.
Like the CSF, the Privacy Framework is composed of three main parts:
The Core: The Core provides basic operational guidelines, consisting of five concurrent and continuous functions—Identify, Protect, Control, Inform, and Respond.
The Profile: The Profile enumerates the privacy goals of an organization, identifying goals and the steps to achieve them.
Implementation Tiers: The implementation tiers provide a status of the company’s current state of readiness.
Although not mandatory, following the NIST framework offers the potential to realize significant benefits, helping organizations build trust, demonstrate accountability and become better placed to comply with new regulations in the future. With the expectation that additional states will adopt acts like the CCPA, implementing the NIST Privacy Framework will best prepare you for the requirements that may soon come.
Centraleyes delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the NIST Privacy Framework for companies protecting their customers' PII and PHI. Centraleyes has mapped NIST Privacy back to its control inventory, allowing data to be shared across multiple frameworks through the platform, which saves time and money and yields more accurate data. Through the Centraleyes platform, organizations can gain full visibility into their cyber risk levels and compliance.