ITL Bulletin: Building the Bridge Between Privacy and Cybersecurity for Federal Systems (April 2017) [open pdf - 166KB]
Alternate Title: Information Technology Laboratory (ITL) Bulletin: Building the Bridge Between Privacy and Cybersecurity for Federal Systems (April 2017)
This document is the Information Technology Laboratory (ITL) Bulletin for April 2017 from the National Institute of Standards and Technology. From the Introduction: "Because information technology (IT) deeply affects privacy at individual and societal levels, systems should be built in a trustworthy manner, consistent with widely recognized, high-level privacy principles - such as the Fair Information Practice Principles (FIPPs). The National Institute of Standards and Technology (NIST) regularly conducts research into technology, aiming to improve innovation and competitiveness, thereby advancing U.S. national and economic security and quality of life. Much of NIST's previous guidance into the trustworthiness of systems in various technical areas- including cybersecurity, cloud computing, big data, and cyber-physical systems- has focused on the security objectives of confidentiality, integrity, and availability (CIA). While unauthorized access to personally identifiable information (PII) is a subset of information security and a critical aspect of privacy, there is a less-developed understanding of other ways in which a system impacts individuals' privacy and how to identify and address risks that extend beyond unauthorized access. Thus, there is a need to bridge cybersecurity and privacy as two different attributes of trustworthiness."
National Institute of Standards and Technology: http://csrc.nist.gov/