Home / Privacy at ASU / NIST Privacy Framework

NIST Privacy Framework

The NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management

The Privacy Framework provides a common language for understanding, managing, and communicating privacy risk with internal and external stakeholders. It can be used to help identify and prioritize actions for reducing privacy risk, and it is a tool for aligning policy, business, and technological approaches to managing that risk.



The NIST Privacy Framework provides five functions, Identify, Govern, Control, Communicate, and Protect which can be used to manage privacy risks arising from data processing.

Identify - Develop the organizational understanding to manage privacy risk for individuals arising from data processing.

                 Complete Privacy Reviews
                 Inventory Assets in CMDB

Govern - Develop and implement the organizational governance structure to enable an ongoing understanding of the organization’s risk management priorities that are informed by privacy risk.

Control - Develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to manage privacy risks.

Communicate - Develop and implement appropriate activities to enable organizations and individuals to have a reliable understanding and engage in a dialogue about how data are processed and associated privacy risks.

Protect - Develop and implement appropriate data processing safeguards.