NIST 800-122 Protecting PII Playbook

The following represents simplified key elements of the NIST 800-122 publication, "Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)".

June 22, 2021

Word Ahead

Q. What is NIST?
A. "The National Institute of Standards and Technology is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry." - DigitalGuardian

NIST 800-122 is a whitepaper covering many aspects of PII data, examples of handling it, what to do in case of an incident, and details about policies and practices that any company should have.

At roughly 60 pages, we reckon that reading it would take between one and two hours using a conventional reading technique, which is quite a lot of time if you are an extremely busy person.

Personally Identifiable Information is a broad subject, and so are the misunderstandings around it. The picture above should provide an easy way to deal with many situations when PII questions or concerns land on the table.

Q. OK, so where do we go from here?
A. Lately, we went through a couple of scenarios where the "Personally Identifiable Information" concept and its particularities had to be explained more deeply, looking through the client's business model lens.

We firmly believe that providing visual walkthroughs and/or checklists will help decision makers increase their knowledge base much more quickly. However, to get the full flavor of the topic, reading the full NIST 800-122 document more than once is strongly advisable.

NIST 800-122 Playbook - HIGH QUALITY IMAGE

[*] Get the picture from here.

Acknowledgements | References | Resources

