Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Resources

NIST Internal Report (NISTIR) 8062: An Introduction to Privacy Engineering and Risk Management in Federal Systems

NISTIR 8062 introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on federal systems.

NISTIR 8062 (PDF)


NIST Privacy Risk Assessment Methodology (PRAM)

The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.

Worksheet 1: Framing Business Objectives and Organizational Privacy Governance
Worksheet 2: Assessing System Design; Supporting Data Map
Worksheet 3: Prioritizing Risk
Worksheet 4: Selecting Controls
Catalog of Problematic Data Actions and Problems

PRAM (.ZIP)   Version: February 2019

Used the PRAM and have suggestions for improving it? Head over to the Privacy Engineering Collaboration Space, where you can share feedback.

 See the PRAM in the Collaboration Space

Created May 11, 2018, Updated February 28, 2019