The What and Why of NIST's Privacy Appendix
DATA PROTECTION—U.S. July 22, 2011
Ron Ross, author of the National Institute of Standards and Technology's (NIST) "Security Controls for Federal Information Systems and Organizations" document, told GovInfoSecurity that adding privacy controls will offer a "disciplined and structured approach on how to enforce some of the best practices that have been around for quite some time." The controls will cover transparency, data minimization and retention, use limitation, data quality, risk management, individual participation and redress, among others. "The attempt here," says Ross, "is to have the most robust set of security and privacy controls for our customers."