U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory / Applied Cybersecurity Division

Privacy Engineering Program

Risk Assessment Tools

Share

Return to Risk Assessment

Comcast xCompass

xCompass is a questionnaire developed from Models of Applied Privacy (MAP) personas so that threat modelers can ask specific and targeted questions covering a range of privacy threats. Each question is linked to a persona, built on top of LINDDUN and NIST Privacy Risk Assessment Methodology. xCompass contextualizes threats, by considering potential privacy threats as a combination of threat actor (both malicious and benign), mechanism of attack, and probable impact. Teams can use xCompass directly as an assessment to model different privacy threats to their application. 

Affiliation/Organization(s) Contributing: Comcast
GitHub POC: @rtrimana, @0spider, and @devjayati

Comcast xCompass on GitHub   Share Feedback

Privado Scan

Privado Scan is an open-source privacy scanner that allows an engineer to scan their application code and discover how data flows in the application. It detects hundreds of personal data elements being processed and further maps the data flow from the point of collection to "sinks" such as external third parties, databases, logs, and internal APIs. It allows privacy engineers to concretely verify and assess if a certain data collection policy set on an application actually matches the implementation right in the code itself - thus embedding privacy assessments in the developers' workflow.

Additional Info: Here are some resources to learn how Privado Scan works and how to contribute to it:

  • Source: RulesEngine
  • Docs: https://docs.privado.ai
  • Use Cases:
    • Generate and maintain data maps and Record of Processing Activity (RoPA) Reports by scanning code
    • Discover and classify personal data elements inside the application's code and verify if they adhere to privacy policies
    • Get comprehensive insight on dataflows within an application from interesting sources (such as user input forms) to interesting sinks (such as logs, external services, third parties, databases etc.)
    • Verify and enforce data protection and governance policies right in code
    • Assess private data leakage risks by directly verifying it at an engineering level (eg. verify if a developer collected precise location in a phone app and if it was actualy sent to a remote third party logging service)
  • Talks/Videos: Building an Automated Machine for Discovering Privacy Violations at Scale (Usenix Enigma 2023) [Link]

Feedback and suggestions for improvement of Privado Scan are welcome. Please reach out to Privado on the Privado Slack Community.

Affiliation/Organization(s) Contributing: Privado Inc. 
GitHub POC: @tuxology

Privado Scan on GitHub   Share Feedback

FAIR Privacy

FAIR Privacy is a quantitative privacy risk framework based on FAIR (Factors Analysis in Information Risk). FAIR Privacy examines personal privacy risks (to individuals), not organizational risks. Included in this tool is a PowerPoint deck illustrating the components of FAIR Privacy and an example based on a hypothetical smart lock manufacturer. In addition, an Excel spreadsheet provides a powerful risk calculator using Monte Carlo simulation.

Notes: V2.11 March 2022 Update: A revised version of the PowerPoint deck and calculator are provided based on the example used in the paper "Quantitative Privacy Risk" presented at the 2021 International Workshop on Privacy Engineering. The newer Excel based calculator:

  • uses a Poisson distribution for threat opportunity (previously Beta-PERT)
  • uses Binomial distribution for Attempt Frequency and Violation Frequency (Note: inherent baseline risk assumes 100% vulnerability)
  • provides a method of calculating organizational risk tolerance
  • provides a second risk calculator for comparison between two risks for help prioritizing efforts
  • provides a tab for comparing inherent/baseline risk to residual risk, risk tolerance and the other risk tab
  • increased instructional text
  • genericization of privacy harm and adverse tangible consequences

Some additional resources are provided in the PowerPoint deck. Feedback and suggestions for improvement on both the framework and the included calculator are welcome. Additionally, analysis of the spreadsheet by a statistician is most welcome.

Affiliation/Organization(s) Contributing: Enterprivacy Consulting Group
GitHub POC: @privacymaverick

FAIR Privacy on GitHub   Share Feedback

NIST Privacy Risk Assessment Methodology (PRAM)

The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.

Worksheet 1: Framing Business Objectives and Organizational Privacy Governance
Worksheet 2: Assessing System Design; Supporting Data Map
Worksheet 3: Prioritizing Risk
Worksheet 4: Selecting Controls
Catalog of Problematic Data Actions and Problems

Notes: NIST welcomes organizations to use the PRAM and share feedback to improve the PRAM.

Affiliation/Organization(s) Contributing: NIST
GitHub POC: @kboeckl

PRAM on GitHub   Share Feedback

Interested in contributing? 

Contribute your privacy risk assessment tool.

Contribute

 

Privacy
Created October 28, 2018, Updated April 10, 2025