NIST Privacy 101 - An Intro To The NIST Privacy Framework - CompliancePoint - JDSupra
This is the first in a series of blog posts we will publish surrounding the NIST
Privacy Framework. Stay tuned for future updates.
The proliferation of privacy legislation being proposed and passed around the globe makes it difficult for organizations to keep track of what must be done to comply with these regulations and to demonstrate due diligence in the handling of personal information. In our experience, organizations are looking for a framework or certification that will help them demonstrate their ability to comply with data privacy regulations. From an implementation standpoint, however, organizations are often unsure of where to begin and how they can satisfy several privacy regulations under a single privacy program.
The NIST Privacy Framework can be crosswalked against other regulations and standards, and the crosswalks that exist are listed on the NIST website, including those for the California Consumer Privacy Act (CCPA), the General Data Protection Regulation (GDPR), Brazil's LGPD, ISO-27701, the NIST Cybersecurity Framework (NIST-CSF), and NIST 800-53. It should be noted, however, that the NIST Privacy Framework is regulation- and technology-agnostic, and alignment with the framework does not guarantee that a company is compliant with any of these regulations, frameworks, or standards.
Profiles and Implementation Tiers
Profiles assist an organization with managing privacy risk, and the framework distinguishes between a Current Profile and a Target (future) Profile. Implementation Tiers assist organizations with gauging how mature their controls are, and, much like Profiles, an organization will have a current Implementation Tier and a future Implementation Tier it is working toward.
In our next blog post in this series, we will dive further into Profiles and Implementation Tiers, including the steps to take to create your organization's Profile, how to determine which Implementation Tier your organization is in today, and a roadmap for reaching your organization's future Implementation Tier goal.
WRITTEN BY: Matt Dumiak, CompliancePoint