Date Published: November 15, 2023
Comments Due:
Email Questions to:
Author(s)
William Newhouse (NIST), Murugiah Souppaya (NIST), John Kent (MITRE), Kenneth Sandlin (MITRE), Karen Scarfone (Scarfone Cybersecurity)
Announcement
Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection requirements to the organization’s data assets. This publication defines basic terminology and explains fundamental concepts in data classification so there is a common language for all to use. It can also help organizations improve the quality and efficiency of their data protection approaches by becoming more aware of data classification considerations and taking them into account in business and mission use cases, such as secure data sharing, compliance reporting and monitoring, zero-trust architecture, and large language models.
Submit Comments
The public comment period for the draft is open until 11:59 p.m. EST on Tuesday, January 9, 2024. Visit the NCCoE Data Classification project page for a copy of the draft and comment form.
Join the Community of Interest
To receive the latest project news and updates, consider joining the NCCoE Data Classification Community of Interest. You can sign-up to become a COI member via the webform here.
Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection requirements to the organization’s data assets. This publication defines basic terminology and explains fundamental concepts in data classification so there is a common language for all to use. It can also help organizations improve the quality and efficiency of their data protection approaches by becoming more aware of data classification considerations and taking them into account in business and mission use cases, such as secure data sharing, compliance reporting and monitoring, zero-trust architecture, and large language models.
Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection...
See full abstract
Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection requirements to the organization’s data assets. This publication defines basic terminology and explains fundamental concepts in data classification so there is a common language for all to use. It can also help organizations improve the quality and efficiency of their data protection approaches by becoming more aware of data classification considerations and taking them into account in business and mission use cases, such as secure data sharing, compliance reporting and monitoring, zero-trust architecture, and large language models.
Hide full abstract
Keywords
data classification; data governance; data labeling; data management; data privacy; data protection; data security
Control Families
Media Protection; Risk Assessment
