NIST revised framework 'roadmap' details integration of privacy into cyber risk guides

The National Institute of Standards and Technology's proposed “roadmap” for promoting continued use of its landmark framework of cybersecurity standards includes a section on “privacy engineering,” which outlines the agency's plans for integrating privacy protections into cyber-risk management practices and guidelines.

“Although cybersecurity provides some degree of privacy protection, individuals’ privacy cannot be achieved solely by securing personally identifiable information (PII),” states NIST's proposed roadmap issued this month for comments due on Jan. 19.

The revised roadmap was issued...