[2/27/24, 11:00 AM EST] CSRC has been experiencing technical difficulties recently. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
Date Published: April 25, 2023
Comments Due: June 12, 2023 (public comment period is CLOSED)
Email Questions to: email@example.com
The National Cybersecurity Center of Excellence (NCCoE) has published for comment Preliminary Draft NIST SP 1800-39A, Implementing Data Classification Practices.
About the Project
Organizations are managing an increasing volume of data while maintaining compliance with policies for protecting that data. Those policies are driven by business, regulatory, data security, and privacy requirements. This publication can help organizations reduce the risk of data breaches, loss, and mishandling through data-centric security management, by demonstrating how to discover and classify data based on its characteristics regardless of where the data resides or how it is shared.
The NCCoE and its collaborators are using commercially available technology to build interoperable data classification solutions for use cases. As the project progresses, this preliminary draft will be updated with supporting guidance, and additional use cases and volumes will also be released to solicit public comment.
The public comment period for this draft is open now through June 12, 2023.
Join the Community of Interest
If you have expertise and/or interest in data-centric security practices, consider joining the NCCoE Data Classification Community of Interest (COI) to receive the latest project news and updates! Email the team at firstname.lastname@example.org declaring your interest.
PII Processing and Transparency; Risk Assessment