Skip to main content

National Institute of Standards and Technology (NIST)

About the National Institute of Standards and Technology

The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. Congress established the agency to help improve U.S. industrial competitiveness. From the smart electric power grid and electronic health records to atomic clocks, advanced nanomaterials, and computer chips, innumerable products and services rely in some way on technology, measurement, and standards provided by the National Institute of Standards and Technology.

Who at NIST engages with privacy?

Most of the privacy-related research occurs within the Information Technology Laboratory (ITL)

ITL’s strategy is to maximize the benefits of information technology (IT) to society through a balanced IT measurement science and standards portfolio of three major activities: fundamental research in mathematics, statistics, and IT; applied IT research and development; and standards development and technology transfer.

NIST Privacy Engineering program supports the development of trustworthy information systems by applying measurement science and system engineering principles to the creation of frameworks, risk models, guidance, tools, and standards that protect privacy and civil liberties.

Additional privacy-related research is integrated in other programs, including cryptography, trusted identities, usability, and information assurance.

Which NIST guidance is most relevant to privacy?

NIST provides standards and guidelines to Federal agencies for various purposes including supporting agencies’ ability to meet their obligations under regulations and OMB policy. The below guidance might be of particular interest to those managing privacy programs:

Which NIST guidance is specific to privacy risk management?

In support of OMB Circular A-130, NIST is working to augment existing NIST guidance on the Risk Management Framework (RMF) to specifically address privacy risk management.

In the short-term, privacy programs may want to review the following Special Publications for RMF standards and guidelines:

  • NIST SP 800-18 - Guide for Developing Security Plans for Federal Information Systems (Feb. 2006)
  • NIST SP 800-30 - Guide for Conducting Risk Assessments (Sept. 2012)
  • NIST SP 800-18 - Guide for Applying the Risk Management Framework to Federal Information Systems (Feb. 2010)
  • NIST SP 800-39 - Managing Information Security Risk—Organization, Mission, and Information System View (Mar. 2011)
  • NIST SP 800-60: Volume I - Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008)
  • NIST SP 800-60: Volume II - Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories (Aug. 2008)