NIST is developing the Privacy Framework in stages to enable the greatest amount of engagement and feedback from the public. This page contains the documents for the current stage of development.
Supplemental Materials to the Privacy Framework Discussion Draft
Posted June 26, 2019
NIST developed the following documents based on stakeholder input received since the release of the Privacy Framework Discussion Draft (Discussion Draft). While the Discussion Draft is still the current complete working draft of the framework, these materials are intended to drive additional feedback about aspects of the Discussion Draft that generated significant dialogue. NIST will use feedback on these materials to develop a preliminary draft of the framework. Areas of particular interest for feedback can be found in notes to reviewers in each document, but all feedback is welcome.
Two Proposed Cores: Integrated and Separated Versions
The two proposed Cores offer different levels of alignment with the Cybersecurity Framework. In the Separated Core, NIST has removed the overlapping Cybersecurity Framework Functions, Categories, Subcategories that pertain to data security. In contrast, the Integrated Core maintains data security Functions, Categories, and Subcategories that overlap with the Cybersecurity Framework. In addition, each Core contains the same updates based on specific feedback on the Discussion Draft Core. A summary of material changes can be found in each document.
Draft Executive Summary
This extended summary is intended to clarify issues about the scope and purpose of the Privacy Framework that generated significant dialogue, including privacy risk to individuals and the relationship to organizational risk, privacy risk assessment terminology, the relationship of privacy risk and cybersecurity risk, and organizational roles.
Hypothetical Use Case Profiles
Two hypothetical use cases to improve understanding of the Core and demonstrate how the development of Profiles can increase collaboration and dialogue across organizations and support risk-based decisions.
Proposed Roadmap Topic Areas
This document proposes priority areas that pose challenges to organizations in achieving their privacy objectives for inclusion in a companion roadmap to the Privacy Framework.
This document contains updated terms and definitions.
*Note: the Separated Core was updated on July 3, 2019, to correct the subcategory text in CM.AW-P8.
Privacy Framework Discussion Draft
Posted April 30, 2019
The Discussion Draft is the current complete working draft of the Privacy Framework. The supplemental materials provide updates or options to improve aspects of the Discussion Draft that generated significant dialogue among stakeholders.