Citation Edit

National Institute of Standards and Technology, An Introduction to Privacy Engineering and Risk Management in Federal Systems (NISTIR 8062) (January 2017) (full-text).

Overview Edit

NIST research in information technology — including cybersecurity, cloud computing, big data, and the Smart Grid and other cyber-physical systems — aims to improve the innovation and competitiveness that bring great advancements to U.S. national and economic security and quality of life. Much of this research pertains to the trustworthiness of these information technologies and the systems in which they are incorporated. Given concerns about how information technologies may affect privacy at individual and societal levels, the purpose of this publication is to provide an introduction to how systems engineering and risk management could be used to develop more trustworthy systems that include privacy as an integral attribute.

This report concludes with a general roadmap for evolving these preliminary concepts into actionable guidance — complementary to existing NIST guidance for information security risk management — so that agencies may more effectively meet their obligations under OMB Circular No. A-130 and other relevant policies.