The National Institute of Standards and Technology looks to release the final version of its Risk Management Framework 2.0 early next year, and is working to get critical privacy controls worked into it, according to NIST Fellow Ron Ross, one of the initiative’s primary managers.
The work to get the RMF completed includes discussions with the White House’s Office of Information and Regulatory Affairs on the privacy additions. Ross says that those discussions are important because the latest version of the RMF will cover a number of critical areas, including supply chain and systems engineering, but also privacy.
RMF 2.0’s new privacy provisions address how organizations can assess and manage risks to data and systems by focusing on protecting individuals’ personally identifiable information.