Citation[edit | edit source]
Overview[edit | edit source]
This publication provides guidelines for a risk-based approach to protecting the confidentiality of personally identifiable information (PII). It provides practical, context-based guidance for identifying PII and determining what level of protection is appropriate for each instance of PII. The document also suggests safeguards that may offer appropriate levels of protection for PII and provides recommendations for developing response plans for breaches involving PII.
The National Institute of Standards and Technology (NIST) developed this publication in furtherance of its statutory responsibilities under the Federal Information Security Management Act of 2002 (FISMA).