I just noticed that NIST SP 800-53 now begins to address Privacy,
with a new 23-page appendix J in the rev4 draft from February.
Is there any coordination between IETF and NIST on privacy?
http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf
http://en.wikipedia.org/wiki/NIST_Special_Publication_800-53#Fourth_Draft
----snip----
PRIVACY CONTROLS PROVIDING PRIVACY PROTECTION FOR FEDERAL INFORMATION
Appendix J, Privacy Control Catalog, is a new addition to NIST Special
Publication 800-53. It is intended to address the privacy needs of
federal agencies. The objective of the Privacy Appendix is fourfold:
* Provide a structured set of privacy controls, based on international
standards and best practices, that help organizations enforce
requirements deriving from federal privacy legislation, policies,
regulations, directives, standards, and guidance;
* Establish a linkage and relationship between privacy and security
controls for purposes of enforcing respective privacy and security
requirements which may overlap in concept and in implementation within
federal information systems, programs, and organizations;
* Demonstrate the applicability of the NIST Risk Management Framework in
the selection, implementation, assessment, and monitoring of privacy
controls deployed in federal information systems, programs, and
organizations; and
* Promote closer cooperation between privacy and security officials
within the federal government to help achieve the objectives of senior
leaders/executives in enforcing the requirements in federal privacy
legislation, policies, regulations, directives, standards, and guidance.
There is a strong similarity in the structure of the privacy controls in
Appendix J and the security controls in Appendices F and G. Moreover,
the use of privacy plans in conjunction with security plans provides an
opportunity for organizations to select the appropriate set of security
and privacy controls in accordance with organizational mission/business
requirements and the environments in which the organizations operate.
Incorporating the same concepts used in managing information security
risk helps organizations implement privacy controls in a more
cost-effective, risk-based manner while simultaneously protecting
individual privacy and meeting compliance requirements.
Standardized privacy controls provide a more disciplined and structured
approach for satisfying federal privacy requirements and demonstrating
compliance to those requirements.
----snip----
_______________________________________________
ietf-privacy mailing list
https://www.ietf.org/mailman/listinfo/ietf-privacy