You are currently viewing NIST Cybersecurity Framework To Get Privacy Framework Companion

NIST Cybersecurity Framework To Get Privacy Framework Companion

September 05, 2018 – NIST launched a collaborative privacy framework initiative as a complement to the NIST Cybersecurity Framework, the agency announced Sept. 4.

In an era of innovative technologies, such as the Internet of Things and AI, it is critical for a company to understand how their teams and systems store, share, analyze and protect the company’s core private data.

At SkyFlok, we not only use AES-256 to encrypt your data for both transmission and rest (while stored in the Cloud), but we also spread your data across multiple Cloud providers meaning that no single provider can see your data.  Moreover, SkyFlok does not store or transport your data through its servers keeping your files private at all times.

Enjoy secure storage and sharing and keep your and your clients’ data private with SkyFlok!

“We’ve had great success with broad adoption of the NIST Cybersecurity Framework, and we see this as providing complementary guidance for managing privacy risk,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter Copan.

“The development of a privacy framework through an open process of stakeholder engagement is intended to deliver practical tools that allow continued US innovation, together with stronger privacy protections.”

The privacy framework would provide an enterprise-level approach that helps organizations prioritize strategies for flexible and effective privacy protection solutions so that individuals can enjoy the benefits of innovative technologies with greater confidence and trust.

NIST plans to hold a public workshop on the privacy framework in conjunction with the International Association of Privacy Professionals’ Privacy. Security. Risk. 2018 conference being held in Austin, Texas, next month.

The Austin public workshop is the first in a series planned to collect current practices, challenges, and requirements in managing privacy risks in ways that go beyond common cybersecurity practices.

“Consumers’ privacy expectations are evolving at the same time that there are multiplying visions inside and outside the U.S. about how to address privacy challenges,” said NIST Senior Privacy Policy Advisor Naomi Lefkovitz.

“NIST’s goal is to develop a framework that will bridge the gaps between privacy professionals and senior executives so that organizations can respond effectively to these challenges without stifling innovation,” said Lefkovitz, who is the agency lead for the privacy framework.

Through these workshops and other outreach efforts, “we want to gather the best ideas from many stakeholders so that the privacy framework tool we develop is useful and effective for a wide range of organizations,” she added.

At the same time as the NIST initiative, the National Telecommunications and Information Administration (NTIA), another Department of Commerce agency, is developing a domestic legal and policy approach for consumer privacy in coordination with the International Trade Administration.

“NTIA, in coordination with our Commerce Department colleagues in the International Trade Administration and the National Institute of Standards and Technology, recently began holding stakeholder meetings to identify common ground and formulate core, high-level principles on data privacy,” related Assistant Secretary of Commerce for Communications and Information David Redl in a July 27 speech to IGF-USA.

Redl cited data from a 2017 US Census Bureau survey analyzed by NTIA. The study found that nearly three quarters of Internet-using households had concerns about privacy and security risks, such as identity theft or loss of control over personal information.

More than one-third of online households said that privacy or security concerns had stopped them from engaging in certain online activities, such as buying goods or making a financial transaction, at some point in the last year. About 20 percent said they had experienced an online security breach, identity theft, or a similar crime during the past year.

“We also know that industry is looking to the Administration to demonstrate leadership on this issue – they’re rightfully concerned about the potential for a fractured and stifling regulatory landscape,” Redl said.

“We will be looking to strike a balance between prosperity and privacy that is in line with American values – and we’re listening to a broad cross-section of stakeholders to find that balance. We want to learn how various sectors are coping with the uncertainties surrounding this topic,” he added.

The Commerce Department plans to publish high-level privacy principles along with a Request for Comment to get consumer and industry feedback on the principles.

“Carefully crafted principles will build consumer confidence, boost our economy, and clear the way for innovation. Creating confidence in how we use data is critical for today’s technologies and those yet to come,” Redl concluded.


Or go back to

Daniel Lucani

PhD at MIT. Author of 8 patents and applications on network coding. Tech expert 12+ years experience.