NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

Subject:
From: Avri Doria <[log in to unmask]>
Reply To: Avri Doria <[log in to unmask]>
Date: Sun, 21 Oct 2012 14:22:13 -0400

Seems like something worth keeping track of for ICANN RAA and Whois considerations as well as the Impact review on ALL PDPs.

cheers,
avri

Begin forwarded message:

> From: Lee Fisher <[log in to unmask]>
> Subject: [ietf-privacy] privacy support in rev4 of NIST SP 80-53
> Date: 21 October 2012 13:13:58 EDT
> To: [log in to unmask]
> 
> I just noticed that NIST SP 80-53 now begins to address Privacy, with a new 23-page appendix J in the rev4 draft from February.
> 
> Is there any coordination between IETF and NIST on privacy?
> 
> http://csrc.nist.gov/publications/drafts/800-53-rev4/sp800-53-rev4-ipd.pdf
> http://en.wikipedia.org/wiki/NIST_Special_Publication_800-53#Fourth_Draft
> 
> ----snip----
> PRIVACY CONTROLS PROVIDING PRIVACY PROTECTION FOR FEDERAL INFORMATION
> 
> Appendix J, Privacy Control Catalog, is a new addition to NIST Special Publication 800-53. It is intended to address the privacy needs of federal agencies. The objective of the Privacy Appendix is fourfold:
> 
> * Provide a structured set of privacy controls, based on international standards and best practices, that help organizations enforce requirements deriving from federal privacy legislation, policies, regulations, directives, standards, and guidance;
> 
> * Establish a linkage and relationship between privacy and security controls for purposes of enforcing respective privacy and security requirements which may overlap in concept and in implementation within federal information systems, programs, and organizations;
> 
> * Demonstrate the applicability of the NIST Risk Management Framework in the selection, implementation, assessment, and monitoring of privacy controls deployed in federal information systems, programs, and organizations; and
> 
> * Promote closer cooperation between privacy and security officials within the federal government to help achieve the objectives of senior leaders/executives in enforcing the requirements in federal privacy legislation, policies, regulations, directives, standards, and guidance.
> 
> There is a strong similarity in the structure of the privacy controls in Appendix J and the security controls in Appendices F and G. Moreover, the use of privacy plans in conjunction with security plans provides an opportunity for organizations to select the appropriate set of security and privacy controls in accordance with organizational mission/business requirements and the environments in which the organizations operate. Incorporating the same concepts used in managing information security risk, helps organizations implement privacy controls in a more cost-effective, risk-based manner while simultaneously protecting individual privacy and meeting compliance requirements.
> 
> Standardized privacy controls provide a more disciplined and structured approach for satisfying federal privacy requirements and demonstrating compliance to those requirements.
> ----snip----
> 
> _______________________________________________
> ietf-privacy mailing list
> [log in to unmask]
> https://www.ietf.org/mailman/listinfo/ietf-privacy
> 
