Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Data Classification Practices: Final Project Description Released

NIST's National Cybersecurity Center of Excellence has released a final Project Description on data classification practices.

The National Cybersecurity Center of Excellence (NCCoE) has finalized its project description for Data Classification Practices: Facilitating Data-Centric Security. As part of a zero trust approach, data-centric security management aims to enhance the protection of information (data) regardless of where the data resides or who it is shared with. Standardized mechanisms for communicating data characteristics and protection requirements are needed to make data-centric security management feasible at scale.

Once the Federal Register Notice announcing the Data Classification Practices project is published, the NCCoE will solicit industry participation to develop an approach for defining data classifications and data handling rulesets and for communicating them to others. In addition, this project will attempt a basic proof-of-concept implementation that will include limited data discovery, analysis, classification, and labeling capabilities, as well as a rudimentary method for expressing how data with a particular label should be handled for each use case scenario. This project will result in practice guides and other publications to encourage increased standardization and adoption of data classification methods.

You can join the Community of Interest by sending an email to data-nccoe [at] (data-nccoe[at]nist[dot]gov).

Released July 22, 2021, Updated September 23, 2021