Fwd: privacy support in rev4 of NIST SP 80-53

Avri Doria avri at ACM.ORG
Sun Oct 21 20:22:13 CEST 2012


Seems like something worth keeping track of for ICANN RAA and Whois considerations as well as the Impact review on ALL PDPs.

cheers,
avri

Begin forwarded message:

> From: Lee Fisher <blibbet at gmail.com>
> Subject: [ietf-privacy] privacy support in rev4 of NIST SP 80-53
> Date: 21 October 2012 13:13:58 EDT
> To: ietf-privacy at ietf.org
> 
> I just noticed that NIST SP 80-53 now begins to address Privacy, with a new 23-page appendix J in the rev4 draft from February.
> 
> Is there any coordination between IETF and NIST on privacy?
> 
> http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf
> http://en.wikipedia.org/wiki/NIST_Special_Publication_800-53#Fourth_Draft
> 
> ----snip----
> PRIVACY CONTROLS PROVIDING PRIVACY PROTECTION FOR FEDERAL INFORMATION
> 
> Appendix J, Privacy Control Catalog, is a new addition to NIST Special Publication 800-53. It is intended to address the privacy needs of federal agencies. The objective of the Privacy Appendix is fourfold:
> 
> * Provide a structured set of privacy controls, based on international standards and best practices, that help organizations enforce requirements deriving from federal privacy legislation, policies, regulations, directives, standards, and guidance;
> 
> * Establish a linkage and relationship between privacy and security controls for purposes of enforcing respective privacy and security requirements which may overlap in concept and in implementation within federal information systems, programs, and organizations;
> 
> * Demonstrate the applicability of the NIST Risk Management Framework in the selection, implementation, assessment, and monitoring of privacy controls deployed in federal information systems, programs, and organizations; and
> 
> * Promote closer cooperation between privacy and security officials within the federal government to help achieve the objectives of senior leaders/executives in enforcing the requirements in federal privacy legislation, policies, regulations, directives, standards, and guidance.
> 
> There is a strong similarity in the structure of the privacy controls in Appendix J and the security controls in Appendices F and G. Moreover, the use of privacy plans in conjunction with security plans provides an opportunity for organizations to select the appropriate set of security and privacy controls in accordance with organizational mission/business requirements and the environments in which the organizations operate. Incorporating the same concepts used in managing information security risk helps organizations implement privacy controls in a more cost-effective, risk-based manner while simultaneously protecting individual privacy and meeting compliance requirements.
> 
> Standardized privacy controls provide a more disciplined and structured approach for satisfying federal privacy requirements and demonstrating compliance to those requirements.
> ----snip----