Compliance Glossary

The NIST Privacy Framework is a set of guidelines and recommendations that are useful for the organization in minimizing privacy risks while collecting or storing personal information. It integrates privacy into product or service design while assuring compliance with a relevant law and building customer trust. The framework was created due to the growing number of cybercrime incidents, as well as the increased complexity of privacy legislations around the globe.

NIST Privacy framework applies in tandem with NIST Cybersecurity Framework (CSF) to new privacy challenges. Both the frameworks come essentially with three major components: Core, Profiles, and Implementation Tiers.

• The five functions under the core of three categories and subcategories are: Identify-P, Govern-P, Control-P, Communicate-P, and Protect-P. It provides organizations with an initial structure about what they should know about the privacy risks and the necessary measures to be placed in such activities.
• Profiles help organizations develop a plan in line with their intended state, specified objectives, and willingness to accept the associated risk. Profiles make it easier for the framework to satisfy the privacy management needs of an organization, as it remains in line with the desired requirements.

The implementation tiers range from Tier 1: Partial to Tier 4: Adaptive. That is to say, organizations can measure and understand maturity relating to their privacy practices and hence determine the level of thoroughness needed for particular privacy risk management activities.