The National Institute of Standards and Technology has published a new draft of its Privacy Framework, or PFW, enabling organizations to manage privacy risks posed by personal data passing through IT systems.
The updated PFW is designed to address existing privacy risk management requirements, maintain alignment with the revised Cybersecurity Framework, or CSF, and enhance usability, NIST said Monday. Failure to manage such risks could affect individuals and society and potentially damage organizations’ brands, bottom lines and growth prospects, the agency noted.
Table of Contents
Managing Privacy Risks
Julie Anne Chua, director of the NIST’s applied cybersecurity division, described the release as “a modest but significant update.” “The PFW can be used on its own to manage privacy risks, but we have also maintained its compatibility with CSF 2.0 so that organizations can use them together to manage the full spectrum of privacy and cybersecurity risks,” she explained.
Notable Changes to Draft PFW
The draft PFW includes targeted changes to its core structure for alignment with the latest CSF version and a new section on AI and privacy risk management. The updated framework also moved its guidelines to the web, enabling users to readily access an interactive FAQ page that delivers quick answers. To complement the FAQ section, NIST established a PFW Learning Center that offers quick-start guides in several languages and features a video discussing the draft updates.
NIST is soliciting public comments on the draft and will accept submissions until June 13.
Join the Potomac Officers Club’s 2025 Cyber Summit on May 15 to discover innovative cyber technologies for a secure and resilient public sector. Register now to attend this important event!
Related Articles
Gregory Barbaccia, federal chief information officer and a 2025 Wash100 awardee, has shared his insights on how the federal government should advance digital transformation. “I notice a lot of the government considers itself to be ‘digital,’ but in reality, we’ve only digitized, not transformed. Sure we went 0-1, but that should have just been the beginning,” Barbaccia wrote in a LinkedIn post. He noted the lack of automation and that workflows remain unchanged despite the replacement of paper ledgers with spreadsheets. “Files are shared over email instead of through real-time collaboration tools,” he added. Advancing Digital Transformation in Federal Government
The Federal Communications Commission has adopted new rules that seek to eliminate unnecessary paperwork and address regulatory barriers to the ground-station-as-a-service, or GSaaS, business model as part of efforts to drive innovation in the U.S. space economy. FCC said Thursday the new rules establish a process for ground station operators to secure a baseline license without first identifying a satellite point of communication. A simple FCC notification will be required for each new point of communication. According to FCC, the change would eliminate nearly half of earth station modification applications. “Making the smallest change to a satellite system or earth
The General Services Administration has announced a OneGov agreement with Amazon Web Services that will provide up to $1 billion in direct incentive credits to federal civilian agencies. According to GSA, the direct incentive credits, aggregated across the agencies, will include savings on core AWS cloud services through AWS credits, infrastructure and application technologies modernization through AWS modernization credits, access to AWS training and certification through training credits and a streamlined engagement model with greater savings for direct contracts through direct partnerships. Advancing America’s AI Leadership The agreement is expected to accelerate large-scale IT transformation and boost AI innovation across