Risk Management Blog: Content for Risk Management Professionals

RiskPC

May 14, 2020

Using NIST's Privacy and Cybersecurity Frameworks as ERM Tools

The National Institute of Standards and Technology (NIST) released version 1.0 of the Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework) in January 2020. The Privacy Framework follows the same structure as, and complements, NIST's Cybersecurity Framework, first published in 2014 and updated to version 1.1 in 2018. Many organizations use the two in tandem.

Although both frameworks were released before the coronavirus pandemic emerged, they help enterprises meet current data privacy requirements and protect against cyberattacks. NIST has since supplemented this guidance with advice on securing virtual meetings.

Can the NIST Privacy and Cybersecurity Frameworks strengthen your enterprise risk management (ERM) program? Procipient® can help your enterprise adopt NIST's frameworks quickly and proactively.


Staying in Compliance and Securing Data

The Privacy Framework is voluntary and regulation-agnostic: it gives organizations a common language for managing privacy risk, whatever laws and jurisdictions apply to them, in the United States or elsewhere. NIST states that the Privacy Framework can support organizations in:

  • Building customers' trust by supporting ethical decision-making in product and service design that optimizes beneficial uses of data while minimizing adverse consequences for individuals' privacy and society as a whole
  • Fulfilling current compliance obligations, such as the Health Insurance Portability and Accountability Act (HIPAA), the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as well as future-proofing products and services to meet those obligations as technology and policy change
  • Facilitating communication about privacy practices with individuals, business partners, assessors and regulators

The Privacy Framework is designed for use alongside NIST's Cybersecurity Framework and its five functions: Identify, Protect, Detect, Respond and Recover. The two frameworks share the same structure (a Core of Functions, Categories and Subcategories, plus Profiles and Implementation Tiers), and the Privacy Framework's Protect-P function overlaps with the Cybersecurity Framework's Protect function, while the Cybersecurity Framework's Detect, Respond and Recover functions address cybersecurity-related privacy events such as breaches. This alignment lets your organization implement the two connected sets of guidance together rather than as separate programs.

To supplement the frameworks, NIST responded to the coronavirus pandemic on March 17, 2020 with "Preventing Eavesdropping and Protecting Privacy on Virtual Meetings," a blog post by Jeff Greene, Director of NIST's National Cybersecurity Center of Excellence (NCCoE).

Greene warns that "if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop or disrupt them." There have been widespread reports of such eavesdropping and disruption on Zoom and other platforms in recent months.

Although many virtual meeting services have built-in security features, they only help when they are turned on and configured. Greene's list of practical tips, including requiring one-time PINs and disabling features a meeting does not need, helps secure your company's conference calls and web meetings.
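To make the "one-time PIN" tip concrete, here is an added example that is not part of the original post or of NIST's guidance: a hypothetical PIN registry for a meeting service. It shows the properties a join PIN needs if it is to keep out former coworkers and uninvited guests: generated from a cryptographic random source, bound to one invitee, time-limited, consumed on first successful use so a shared or replayed PIN no longer works, and locked after a few wrong guesses so an 8-digit code cannot simply be brute-forced. The 15-minute lifetime and 5-attempt limit are assumptions for illustration.

```python
"""Added example (hypothetical, not from NIST or the original post): per-invite,
single-use meeting PINs with expiry and guess limiting."""
import secrets
import time

PIN_DIGITS = 8
PIN_TTL_SECONDS = 15 * 60   # assumption: a PIN is valid for 15 minutes after issue
MAX_ATTEMPTS = 5            # assumption: lock the invite after 5 wrong guesses


class MeetingPinRegistry:
    """Issues and redeems one-time join PINs keyed by (meeting_id, invitee)."""

    def __init__(self):
        self._entries = {}

    def issue(self, meeting_id, invitee, now=None):
        """Generate a fresh PIN for one invitee and return it (send it out of band)."""
        now = time.time() if now is None else now
        # secrets (not random) draws from the OS CSPRNG, so PINs are unpredictable
        pin = "".join(secrets.choice("0123456789") for _ in range(PIN_DIGITS))
        self._entries[(meeting_id, invitee)] = {
            "pin": pin,
            "expires_at": now + PIN_TTL_SECONDS,
            "used": False,
            "failures": 0,
        }
        return pin

    def redeem(self, meeting_id, invitee, candidate, now=None):
        """Return True exactly once for the correct, unexpired PIN; False otherwise."""
        now = time.time() if now is None else now
        entry = self._entries.get((meeting_id, invitee))
        if entry is None:
            return False  # no invite for this person in this meeting
        if entry["used"] or entry["failures"] >= MAX_ATTEMPTS or now > entry["expires_at"]:
            return False  # already consumed, locked out, or expired
        # constant-time comparison so response timing does not leak matching digits
        if not secrets.compare_digest(entry["pin"], str(candidate)):
            entry["failures"] += 1
            return False
        entry["used"] = True  # consume it: a replayed or shared PIN is rejected from now on
        return True


if __name__ == "__main__":
    registry = MeetingPinRegistry()
    pin = registry.issue("weekly-sync", "alice")
    print("first join:", registry.redeem("weekly-sync", "alice", pin))   # True
    print("replay:", registry.redeem("weekly-sync", "alice", pin))       # False
```

In a real service the PIN would be delivered with the invitation and the registry backed by shared storage, but the checks in `redeem` are the substance: a PIN that is reusable, unbounded in time or guessable is not "one-time" in any sense that protects the meeting.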


Learn More 

Procipient® simplifies the incorporation of NIST’s Privacy and Cybersecurity guidelines into your risk management practices. The ERM/GRC tool can manage policies and link them to different regulatory and compliance requirements. Procipient®’s Cybersecurity Assessment Template (CAT) can also help you assess cybersecurity risks and controls for remote work, including virtual meetings.

Request a demo today to see how Procipient® can help your enterprise meet its privacy goals and mitigate cybersecurity threats.