[WG-P3] Release of NIST SP 800-53 Appendix J, DRAFT Privacy Control Catalog

Shin_Adachi shin at adachi.us
Tue Jul 19 16:43:43 EDT 2011

Of your possible interest,


SP 800-53 Appendix J

DRAFT Privacy Control Catalog

The National Institute of Standards and Technology (NIST) announces the 
initial public draft of Special Publication 800-53, Appendix J, Privacy 
Control Catalog. With the increasing dependency on information systems, 
dramatic advances in information technologies, and significant growth in 
new applications of those technologies in such areas as cloud computing, 
smart grid, and mobile computing, information security and privacy are 
taking on new levels of importance in the public and private sectors. 
Privacy, with respect to personally identifiable information, is a core 
value that can be achieved only with appropriate legislation, policies, 
and associated controls to ensure compliance with requirements. In 
today's digital world, effective privacy for individuals depends on a 
solid foundation of information security safeguards in the information 
systems that are processing, storing, and transmitting personally 
identifiable information. Privacy and security controls in federal
information systems, programs, and organizations are complementary and 
mutually reinforcing in trying to achieve the privacy and security 
objectives of organizations. Appendix J, Privacy Control Catalog, is a 
new addition to NIST's family of standards and guidelines that will be 
incorporated into the 2011 update to Special Publication 800-53, 
Revision 4, projected for release in December 2011. Due to the 
importance and special nature of the material in this Appendix, it is 
being publicly vetted separately from the other changes to the 
publication which will be released later this year. The objectives of 
the Privacy Appendix are fourfold:

1. Provide a structured set of privacy controls, based on international
   standards and best practices, that help organizations enforce
   requirements deriving from federal privacy legislation, policies,
   regulations, directives, standards, and guidance;
2. Establish a linkage and relationship between privacy and security
   controls for purposes of enforcing respective privacy and security
   requirements which may overlap in concept and in implementation within
   federal information systems, programs, and organizations;
3. Demonstrate the applicability of the NIST Risk Management Framework in
   the selection, implementation, assessment, and monitoring of privacy
   controls deployed in federal information systems, programs, and
   organizations; and
4. Promote closer cooperation between privacy and security officials within
   the federal government to help achieve the objectives of senior
   leaders/executives in enforcing the requirements in federal privacy
   legislation, policies, regulations, directives, standards, and guidance.

The public comment period for NIST Special Publication 800-53, Appendix
J, is July 19 through September 2, 2011.
Please send comments to sec-cert at nist.gov.


Here is the URL to the News & Announcement page:

URL to Appendix J - PDF file:

