Protecting the Confidentiality of Personally Identifiable Information (SP 800-122)

SP 800-122, a special publication released in April 2010 by the US National Institute of Standards and Technology (NIST), is a resource for those responsible for assessing privacy and designing and implementing privacy controls within information systems and business processes. This article offers a brief introduction to the key concepts and important elements of this publication.

Major Recommendations

SP 800-122 aims to provide usable guidelines for a risk-based approach to protecting personally identifiable information (PII), particularly in US federal government agencies and their business associates. To this end, the publication makes the following recommendations:

Organizations should identify all PII that resides in [...]