NIST held this hybrid public workshop to inform an update of the NIST Privacy Framework to version 1.1 and the development of a joint NIST Frameworks Data Governance and Management Profile (DGM Profile). With the release of version 2.0 of the NIST Cybersecurity Framework (CSF), NIST intends to make a modest update to the Privacy Framework to support realignment with the CSF. The update also provides an opportunity to ensure the Privacy Framework is still responsive to current privacy risk management needs since its release four years ago.
Additionally, stakeholders have expressed a desire for a resource to support use of NIST frameworks for privacy, cybersecurity, and artificial intelligence together. With data governance being a starting point for many organizations, NIST has determined to develop the DGM Profile as a way to demonstrate how the NIST Privacy Framework Version 1.0, the NIST AI Risk Management Framework, and the NIST Cybersecurity Framework (CSF) Version 2.0 can be used together. The workshop gathered input to ensure Privacy Framework 1.1 and the DGM Profile effectively address stakeholder needs.
The opening plenary featured expert panels that explored organizational data governance and management approaches and challenges as well as insights for updating the NIST Privacy Framework. Following the plenary, participants had the opportunity to provide their feedback and perspectives during dedicated breakout sessions for the Privacy Framework 1.1 update and the DGM Profile. Stakeholder input in the workshop will help inform initial public drafts of the Privacy Framework 1.1 and the DGM Profile.
Workshop Inputs: Concept papers for the Privacy Framework 1.1 update and the DGM Profile were posted in advance of the workshop.
Expected Workshop Outputs: NIST will publish a workshop summary. Stakeholder feedback provided during the workshop will be used to inform initial public drafts of Privacy Framework 1.1 and the DGM Profile.
CPE credits: The International Association of Privacy Professionals (IAPP) has approved up to 7 CPE credits for attending this workshop. To request credits from IAPP, please see this form.
Sign Up for Updates: Please sign up for our mailing list to receive updates on Privacy Framework 1.1 and the development of the DGM Profile.
Privacy Framework 1.1 Concept Paper (PDF) Data Governance and Management Profile Concept Paper (PDF) Cybersecurity Framework 2.0 to Privacy Framework 1.0 Crosswalk (.xlsx) Speaker Biographies (PDF)
If you have any questions, contact PrivacyFramework [at] nist.gov (PrivacyFramework[at]nist[dot]gov)
Time | Agenda Item | Type and Location | |
---|---|---|---|
8:30 – 9:00 AM | Registration | Open to all Commerce Main Lobby | |
9:00 – 9:10 AM | Plenary: Welcome Opening Remarks Speaker:
| Open to all; recorded
Commerce Auditorium
Livestream access | |
9:10 – 9:30 AM | Plenary: First Session Charting the Course: Navigating Tech Challenges with NIST Resources This fireside chat will explore today’s complex, dynamic technology landscape and the numerous challenges facing organizations seeking to harness the value of data. The session will discuss how NIST resources can support cross-functional and interdisciplinary collaboration as well as ethical decision-making to maximize data utility while mitigating impacts to users and organizations. Moderator:
Speaker:
| Open to all; Recorded
Commerce Auditorium
Livestream access | |
9:30 – 10:30 AM | Plenary: Second Session Pardon Our Dust: NIST Privacy Framework 1.1 Update The NIST Privacy Framework (PF) is a “living” document, which evolves to meet stakeholder needs. The time has arrived to update the PF to maintain alignment with the recently updated Cybersecurity Framework (CSF) 2.0. Panelists will share their experiences using PF 1.0 and highlight areas the tool could be improved to facilitate use with CSF 2.0 and meet current privacy risk management needs. Moderator:
Speakers:
| Open to all; recorded
Commerce Auditorium
Livestream access | |
15 min break | |||
10:45 – 11:45 AM | Plenary: Third Session NISTifying Data Governance: Developing a Joint NIST Frameworks Data Governance and Management Profile Many organizations struggle with data governance and management. This panel will examine the pressing need for a resource that takes a consistent approach to data governance and supports use of NIST Frameworks together to better manage privacy, cybersecurity, and AI risks. Speakers will share insights into their approach to data governance and ways to structure a joint NIST Frameworks Data Governance and Management Profile to provide practical guidance for deriving data value responsibly. Moderator:
Speakers:
| Open to all; recorded
Commerce Auditorium
Livestream access | |
11:45 AM - 12:15 PM | Plenary: Fourth Session NIST Review of Workshop Concepts NIST will introduce and provide an overview of the workshop’s supplemental materials, which will drive breakout session discussions. Learn about proposed NIST Privacy Framework Updates, concepts for developing the DGM Profile, and NIST’s goals for the workshop. Time is reserved for participant Q&A following the presentation. Speakers:
| Open to all; recorded
Commerce Auditorium
Livestream access | |
Lunch Break (12:15 – 1:10 PM) | |||
BREAKOUTS Each breakout session for the PF 1.1 and DGM Profile will repeat the same topics. Attendees who would like to attend both PF 1.1 and DGM Profile breakouts should select two time slots on the registration page. | |||
1:10 – 2:40 PM | Breakout Session #1 – Hybrid
| Closed rooms; no recording | |
PF 1.1 Room 1414 | DGM Profile Room 1412 | ||
Break (2:40 PM – 3:00 PM) | |||
3:00 – 4:30 PM | Breakout Session #2 – Hybrid
| Closed rooms; no recording | |
PF 1.1 Room 1414 | DGM Profile Room 1412 | ||
Close of Day 1 |
Time | Agenda Item | Type | |
---|---|---|---|
9:00 – 10:30 AM
| Breakout Session #3 – Virtual only
| Closed rooms; no recording
| |
PF 1.1 Zoom meeting | DGM Profile Zoom meeting | ||
Close of Day 2 |
Time | Agenda Item | Type |
---|---|---|
Recorded and posted after the workshop | Workshop Recap NIST will summarize key takeaways from the workshop and outline next steps in the PF 1.1 and DGM Profile development. | Recorded |
Additional Information for In-Person Attendees:
For Non-US Citizens: Please have your valid passport for photo identification.
For US Permanent Residents: Please have your legal resident permanent card for photo identification.
For US Citizens: Please have your U.S. identification card, state-issued driver's license, or passport. Regarding Real-ID requirements, all states are in compliance or have an extension through May 2025.