Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

IAPP CIPM Crosswalk


Crosswalk (XLSX) This workbook contains the mapping in both directions on two different tabs (Privacy Framework to source, and source to Privacy Framework).


Resource Identifier: IAPP CIPM Crosswalk
Source Name: IAPP Certified Information Privacy Manager (CIPM) Body of Knowledge
Contributor: International Association of Privacy Professionals
Contributor GitHub Username: @tgrotheeriapp
Date First Posted: March 19, 2020
Date Last Verified or Updated: December 21, 2020
Related Documentation: The Skill Set Needed to Implement a Privacy Risk Management Framework
Contributor Notes: To offer insight into the professional skillset needed to implement the NIST Privacy Framework, the International Association of Privacy Professionals’ Westin Research Center mapped the Privacy Framework’s Core to the Body of Knowledge for a Certified Information Privacy Manager. This body of knowledge was created by the IAPP’s certification advisory board to reflect the skillset and knowledge required by a privacy professional working in the field. It is annually updated, as required by IAPP’s ANSI accreditation, through a formal process to determine what professionals in the field are currently doing, under what conditions, and with what levels of knowledge and skill. The IAPP’s CIPM certification is then updated to align with this body of knowledge.

As a privacy risk management framework, NIST’s Privacy Framework aligns closely with the CIPM body of knowledge. However, it should be noted that as a framework designed to bring together stakeholders across disciplines, additional skills are needed to go deeper into certain aspects of the Privacy Framework. For instance, lawyers implementing the governance policies, processes, and procedures category will require greater familiarity with the legal regimes in the jurisdictions in which their organizations operate, skillsets more closely aligned with IAPP’s regionally based CIPP bodies of knowledge. Similarly, privacy engineers assessing options for de-identification techniques under the disassociated processing category will need more technical knowledge, such as that reflected in IAPP’s CIPT body of knowledge. The NIST Framework and the CIPM body of knowledge can serve as the bridge between these stakeholders.

The IAPP’s Westin Research Center developed the following table to document how NIST’s Privacy Framework, and more generally a risk management framework designed to bring together security and privacy professionals, aligns with IAPP’s CIPM certification. This mapping serves the dual purpose of informing privacy professionals seeking to understand the skillset needed to implement the NIST Privacy Framework and IAPP’s ongoing work to ensure its certifications are continually refined to meet the needs of the privacy profession across sectors and disciplines.

Feedback on this Resource

There is no discussion at this time for this resource.

You can share feedback, ask questions, or request clarifications about this resource. You will need the resource identifier and contributor’s GitHub username.

Share Feedback

Created March 16, 2020, Updated December 21, 2020