Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-39 (Initial Preliminary Draft)

Implementing Data Classification Practices

Date Published: April 25, 2023
Comments Due: June 12, 2023 (public comment period is CLOSED)
Email Questions to:


William Newhouse (NIST), Murugiah Souppaya (NIST), John Kent (MITRE), Kenneth Sandlin (MITRE), Karen Scarfone (Scarfone Cybersecurity)


The National Cybersecurity Center of Excellence (NCCoE) has published for comment Preliminary Draft NIST SP 1800-39A, Implementing Data Classification Practices. 

About the Project

Organizations are managing an increasing volume of data while maintaining compliance with policies for protecting that data. Those policies are driven by business, regulatory, data security, and privacy requirements. This publication can help organizations reduce the risk of data breaches, loss, and mishandling through data-centric security management, by demonstrating how to discover and classify data based on its characteristics regardless of where the data resides or how it is shared.

The NCCoE and its collaborators are using commercially available technology to build interoperable data classification solutions for use cases. As the project progresses, this preliminary draft will be updated with supporting guidance, and additional use cases and volumes will also be released to solicit public comment.

Submit Comments

The public comment period for this draft is open now through June 12, 2023.

Join the Community of Interest

If you have expertise and/or interest in data-centric security practices, consider joining the NCCoE Data Classification Community of Interest (COI) to receive the latest project news and updates! Email the team at declaring your interest.

Control Families

PII Processing and Transparency; Risk Assessment


NIST SP 1800-39A iprd (pdf)

Supplemental Material:
Project homepage

Document History:
04/25/23: SP 1800-39 (Draft)


Security and Privacy

categorization, privacy, zero trust






financial services, healthcare, manufacturing