The National Institute of Standards and Technology (NIST) has released a new version of the NIST Privacy Framework, guidelines that are intended to address current privacy risk management needs, maintain alignment with the agency’s Cybersecurity Framework (updated in 2024), and improve usability.
The updated version debuts five years after NIST released the initial Version 1.0 of the Privacy Framework Tool, intended to help optimize beneficial uses of data while protecting individual privacy.
About the NIST Privacy Framework 1.1 and Updates
The latest NIST Privacy Framework 1.1 (PFW) is broadly intended to help organizations manage the privacy risks that arise from personal data flowing through complex information technology systems. The agency reports that failure to manage these risks effectively can directly affect individuals and society, potentially damaging organizations’ brands, bottom lines, and prospects for growth.
Updates to the Privacy Framework (PFW) were necessary partly due to its connection with the widely adopted NIST Cybersecurity Framework (CSF), as privacy and cybersecurity risks frequently intersect and overlap. Both frameworks share an element called the “Core”: an increasingly granular set of activities and outcomes that can help organizations discuss risk management. The PFW 1.1 Core was updated to realign with the CSF 2.0 Core, better responding to stakeholder needs and making it easier to use.
NIST reports that it maintains a PFW Learning Center that includes quick-start guides in several languages. The center’s page now features a PFW 1.1 Highlights video that offers more details about the draft’s updates.
In addition to the Core updates, other revisions include a new section on AI and privacy risk management, and a relocation of the PFW’s use guidelines to the web.
“This is a modest but significant update,” said NIST’s Julie Chua, director of NIST’s Applied Cybersecurity Division. “The PFW can be used on its own to manage privacy risks, but we have also maintained its compatibility with CSF 2.0 so that organizations can use them together to manage the full spectrum of privacy and cybersecurity risks.”
NIST is seeking public comments on the draft via privacyframework@nist.gov until June 13, 2025. More information on the updates and a template for submitting comments can be found via NIST’s press release and on the NIST Privacy Framework website.