NIST, the National Institute of Standards and Technology, is a lab and non-regulatory federal agency of the U.S. Department of Commerce. Founded in 1901 as a tool to boost the U.S.'s global competitiveness, NIST fosters efforts to create standards across technology systems. Today, NIST continues to push for innovation in a variety of industries and develops guidelines to support it. Two such guidelines are the Cybersecurity Framework (CSF) and the recently released Privacy Framework.
While most guidelines that NIST creates are unenforced, the federal government endorses this guidance as best practice across sectors.
The NIST Framework for Improving Critical Infrastructure, more commonly known as the NIST Cybersecurity Framework or simply the CSF, is a tool to help organizations manage risks to critical infrastructure more consistently. It is made up of three components:
The Cybersecurity Framework can be used to uncover and prioritize cybersecurity goals to reduce risk. For detailed information about the Cybersecurity Framework, see NIST’s training modules.
Rolled out in January of 2020, the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management is a means to help organizations manage privacy risks and protect individuals’ privacy while collecting and using personal data.
The Privacy Framework overlaps slightly with the Cybersecurity Framework as a risk management document, but with an eye towards individuals whose personal data is exposed. It also differentiates between cybersecurity-related data incidents and events stemming from data processing.
Like the Cybersecurity Framework, the Privacy Framework is made up of Implementation Tiers, Profiles, and overarching Cores which encompass how to understand and mitigate the privacy risks of data processing:
Version 1.0 of the NIST Privacy Framework was released in January 2020. For the most recent version, see the Privacy Framework overview on NIST’s website.
While the Privacy and Cybersecurity Frameworks are suggestions for organizations, they offer helpful ways to adhere to new laws like GDPR and the CCPA, and federal laws like HIPAA and FISMA. Both are meant to:
Ensuring secure infrastructure can help avoid data breaches and their consequences: fines, loss of customer trust, and loss of business.
Using secure and auditable tools to transfer and process data can significantly reduce your risk of both data breaches and improper handling of personal data. Know that your file transfers are encrypted, and that only appropriate users have access to certain folders and files.