Welcome to part one of our three-part series exploring the relationship between NIST’s recently updated cybersecurity framework (NIST CSF) and NIST’s privacy framework (NIST PF) in creating privacy and security resilience at companies. The NIST CSF is one of the most well-adopted security frameworks globally and is considered a gold standard for security practitioners.
The US National Institute of Standards and Technology’s (NIST) cybersecurity and privacy frameworks help businesses identify, understand, manage, and reduce their cybersecurity and privacy risk.
What is the NIST Cybersecurity Framework?
The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. It was originally introduced in 2014 and updated in 2018 and 2024.
What is the NIST Privacy Framework?
The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. It was originally introduced in Jan 2020.
Privacy and Security Are Better Together
Some things just go better together: peanut butter and jelly; pancakes and syrup; and the NIST Cybersecurity Framework and the NIST Privacy Framework.
While security and privacy are distinct disciplines, with the former concerned with data protection and the security of systems and data and the latter with the collection and use of personal data, both relate to the protection of personal data.
Bottom line: you can’t have privacy without security.
Source: DataGrail
The recently updated NIST CSF was intended to be compatible with frameworks such as the NIST Privacy Framework and the NIST AI Risk Management Framework, so that it can be used to address other risks faced by businesses.
“Ideally, the CSF will be used to address cybersecurity risks alongside other risks of the enterprise, including those that are financial, privacy, supply chain, reputational, technological, or physical in nature,” wrote NIST.
Key Takeaways
Companies can use NIST’s cybersecurity and privacy frameworks to help identify, understand, manage, communicate about, and reduce their cybersecurity and privacy risk.
If you want to learn more about how to manage data privacy risk, DataGrail partners with brands on their data privacy journey to minimize risk, stay a step ahead of consumer and employee expectations, and save increasingly scarce resources.
Further Learning Resources
- NIST Cybersecurity Framework 2.0
- NIST Privacy Framework
- NIST AI Risk Management Framework
- Let’s Get Technical: Talking Privacy with Your CISO presentation at the DataGrail Summit by Brandon Greenwood, CISO of Bed Bath & Beyond and Jonathan Agha, CISO of FanDuel
- DataGrail Newsletter