Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8496 (Initial Public Draft)

Data Classification Concepts and Considerations for Improving Data Collection

Date Published: November 15, 2023
Comments Due: January 9, 2024 (public comment period is CLOSED)
Email Questions to:


William Newhouse (NIST), Murugiah Souppaya (NIST), John Kent (MITRE), Kenneth Sandlin (MITRE), Karen Scarfone (Scarfone Cybersecurity)


Data classification is the process an organization uses to characterize its data assets using persistent labels so those assets can be managed properly. Data classification is vital for protecting an organization’s data at scale because it enables application of cybersecurity and privacy protection requirements to the organization’s data assets. This publication defines basic terminology and explains fundamental concepts in data classification so there is a common language for all to use. It can also help organizations improve the quality and efficiency of their data protection approaches by becoming more aware of data classification considerations and taking them into account in business and mission use cases, such as secure data sharing, compliance reporting and monitoring, zero-trust architecture, and large language models.

Submit Comments

 The public comment period for the draft is open until 11:59 p.m. EST on Tuesday, January 9, 2024. Visit the NCCoE Data Classification project page for a copy of the draft and comment form.

 Join the Community of Interest

 To receive the latest project news and updates, consider joining the NCCoE Data Classification Community of Interest. You can sign-up to become a COI member via the webform here.



data classification; data governance; data labeling; data management; data privacy; data protection; data security
Control Families

Media Protection; Risk Assessment


Download URL

Supplemental Material:
Submit comments
Project homepage

Document History:
11/15/23: IR 8496 (Draft)