Date Published: November 15, 2023
Comments Due: January 9, 2024 (public comment period is CLOSED)
Email Questions to:
data-nccoe@nist.gov
Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection requirements to the organization’s data assets. This publication defines basic terminology and explains fundamental concepts in data classification so there is a common language for all to use. It can also help organizations improve the quality and efficiency of their data protection approaches by becoming more aware of data classification considerations and taking them into account in business and mission use cases, such as secure data sharing, compliance reporting and monitoring, zero-trust architecture, and large language models.
Submit Comments
The public comment period for the draft is open until 11:59 p.m. EST on Tuesday, January 9, 2024. Visit the NCCoE Data Classification project page for a copy of the draft and comment form.
Join the Community of Interest
To receive the latest project news and updates, consider joining the NCCoE Data Classification Community of Interest. You can sign-up to become a COI member via the webform here.
Media Protection; Risk Assessment
Publication:
https://doi.org/10.6028/NIST.IR.8496.ipd
Download URL
Supplemental Material:
Submit comments
Project homepage
Document History:
11/15/23: IR 8496 (Draft)
media protection, privacy, privacy controls, security controls, zero trust
Technologies Applicationscybersecurity education, enterprise, small & medium business