Targeted changes, introductions on AI and relocated use guidelines all added to proposed changes.
NIST is soliciting feedback on proposed changes to its privacy framework in order to tie it to recently launched cybersecurity guidelines.
The draft release, NIST Privacy Framework 1.1 Initial Public Draft, is intended to help organisations manage the privacy risks that arise from personal data flowing through complex information technology systems, the organisation said.
“Changes to the Privacy Framework are needed in part because of its relationship to the widely used NIST Cybersecurity Framework, which received an update of its own in February 2024,” its statement said.
“Privacy risk is closely related to, and often overlaps with, cybersecurity risk. Because of this, the two frameworks have the same high-level structure to make them easy to use together.”
Among the notable changes in the Privacy Framework 1.1’s draft update are targeted changes to its core structure and content; a new section on AI and privacy risk management; and a relocation of the Framework’s use guidelines to the web.
NIST is accepting public comments on the draft until June 13th. Following this period, it will consider additional changes and release a final version later this year.
“This is a modest but significant update,” said NIST’s Julie Chua, director of NIST’s Applied Cybersecurity Division. “The Privacy Framework can be used on its own to manage privacy risks, but we have also maintained its compatibility with CSF 2.0 so that organisations can use them together to manage the full spectrum of privacy and cybersecurity risks.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
