Skip to content

In 2020, the National Institute of Standards and Technology, a part of the United States Department of Commerce, developed a privacy framework that was intended to help organizations identify and manage privacy risks. Like the ISO 29100 privacy framework that predated it, the NIST privacy framework is designed to provide common terminology to communicate privacy-related activities. Also like the ISO 29100 privacy framework, the NIST framework was designed to be compatible with domestic and international legal and regulatory regimes (e.g., GDPR, CCPA), but it does not include all of the requirements of those regimes.