Date Published: April 25, 2023
Comments Due:
Email Questions to:
Author(s)
William Newhouse (NIST), Murugiah Souppaya (NIST), John Kent (MITRE), Kenneth Sandlin (MITRE), Karen Scarfone (Scarfone Cybersecurity)
Announcement
The National Cybersecurity Center of Excellence (NCCoE) has published for comment Preliminary Draft NIST SP 1800-39A, Implementing Data Classification Practices.
About the Project
Organizations are managing an increasing volume of data while maintaining compliance with policies for protecting that data. Those policies are driven by business, regulatory, data security, and privacy requirements. This publication can help organizations reduce the risk of data breaches, loss, and mishandling through data-centric security management, by demonstrating how to discover and classify data based on its characteristics regardless of where the data resides or how it is shared.
The NCCoE and its collaborators are using commercially available technology to build interoperable data classification solutions for use cases. As the project progresses, this preliminary draft will be updated with supporting guidance, and additional use cases and volumes will also be released to solicit public comment.
Submit Comments
The public comment period for this draft is open now through June 12, 2023.
Join the Community of Interest
If you have expertise and/or interest in data-centric security practices, consider joining the NCCoE Data Classification Community of Interest (COI) to receive the latest project news and updates! Email the team at data-nccoe@nist.gov declaring your interest.
Control Families
PII Processing and Transparency; Risk Assessment
