The IAF supports updating the NIST Privacy Framework and encourages consistency and alignment between the Privacy Framework (PF) and the Cybersecurity Framework (CSF) as described in the key focus areas. Rather than being treated as standalone, the PF and CSF should operate as complementary elements of a larger risk management and governance whole. IAF member companies often use NIST Frameworks not only for compliance, but as part of a larger governance strategy. It only makes practical sense to align the two Frameworks.
The IAF offered support for the specific topic examples intended to align the Privacy Framework and the Cybersecurity Framework, especially at the leadership and governance levels.
Over the last few years, the IAF has developed, in conjunction with business and in multi-stakeholder sessions, a normative assessment framework for demonstrating accountability and compliance with U.S. State Privacy Laws.
The IAF sees NIST making notable advances that will enable strategic data governance, and we welcome the opportunity to leverage and align our work with the evolving NIST frameworks.