Skip to content

The NIST privacy framework refers to the term “core” to describe a set of privacy activities and outcomes. The core is composed of three nested levels: Function, Category, and Subcategory. Subcategory is the most granular, and tangible, aspect of the core. In total, the NIST privacy framework proposes 100 Subcategories.  It should be noted, however, that the Subcategories included within the NIST privacy framework are not intended to be exhaustive, and companies may alter the subcategories (as well as the functions and the categories) by tailoring the proposed Subcategories or adding additional Subcategories that align with a company’s privacy program.