NIST’s Privacy Engineering Program (PEP) applies measurement science and systems engineering principles to create frameworks, risk models, guidelines, tools, and standards to help address privacy risks.
PEP has many resources available, including:
- The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management – A voluntary tool, modeled after NIST’s Cybersecurity Framework, designed to help organizations identify and manage their privacy risks. We provide numerous Privacy Framework implementation resources to help create or improve your privacy program.
- The Privacy Risk Assessment Methodology (PRAM) [direct link to tool download] — A tool that helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.
- The Privacy Engineering Collaboration Space — An open, virtual platform for practitioners to share, discuss, and improve upon open-source tools, solutions, and processes that support privacy engineering and risk management
- The Privacy Workforce Public Working Group (PWWG) — The working group is creating a set of Task, Knowledge, Skills statements to support the development of a workforce capable of managing privacy risks.