The National Institute of Standards and Technology has updated its Risk Management Framework (RMF) to cover privacy issues with a focus on helping organizations better understand and protect their member’s personally identifiable information (PII).
The update, which is included in Draft NIST Special Publication (SP) 800-37 Revision 2, includes information on how companies and other organizations can better understand the risks associated with using and storing PII. This differs slightly from what did in the past when it primarily focused on protecting groups from external cybersecurity threats and is designed to bring together the best of the RMF with the NIST Cybersecurity…
