The National Cybersecurity Center of Excellence (NCCoE) has finalized its project description for Data Classification Practices: Facilitating Data-Centric Security. As part of a zero trust approach, data-centric security management aims to enhance the protection of information (data) regardless of where the data resides or who it is shared with. Standardized mechanisms for communicating data characteristics and protection requirements are needed to make data-centric security management feasible at scale.
Once the Federal Register Notice announcing the Data Classification Practices project is published, the NCCoE will solicit industry participation to develop an approach for defining data classifications and data handling rulesets and for communicating them to others. In addition, this project will attempt a basic proof-of-concept implementation that will include limited data discovery, analysis, classification, and labeling capabilities, as well as a rudimentary method for expressing how data with a particular label should be handled for each use case scenario. This project will result in practice guides and other publications to encourage increased standardization and adoption of data classification methods.
You can join the Community of Interest by sending an email to data-nccoe [at] nist.gov.