Author Archives: Naomi Lefkovitz

REGISTER NOW: Privacy Controls Workshop on next steps for NIST SP 800-53, Appendix J!

We’re pleased to announce that on September 8, 2016, NIST and the Department of Transportation will hold a technical workshop on the next steps for NIST Special Publication 800-53, Appendix J…and registration is now open! Workshop participation from security and privacy engineers, privacy subject matter experts, and Senior Agency Officials for Privacy (SAOPs) is imperative for this workshop to be a success, so we encourage experts in these areas to register and attend. However, everyone is welcome so please feel free to join us if you are interested in the design of privacy protections in federal information systems. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , | 2 Comments

Celebrating Data Privacy Day and everything it stands for!

Happy Data Privacy Day! According to a recent survey of young Americans by Harvard’s Institute of Politics, 65% of respondents said they were “very concerned” about technology companies collecting digital information from their phone or computer. While it’s only January, that level of concern suggests privacy will continue to have a place in the national conversation throughout 2016. Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , , , , , , | Leave a comment

Summer homework: NIST welcomes comments until 7/31 on draft privacy risk management framework

Earlier today, the privacy engineering team at NIST released its draft NIST Internal Report 8062, Privacy Risk Management for Federal Information Systems, and is seeking comments on that draft. This report introduces a privacy risk management framework (PRMF) for anticipating and addressing privacy risks that result from the processing of personal information in federal information technology systems. In particular, it focuses on three privacy engineering objectives—predictability, manageability, and disassociability—and a privacy risk model. Continue reading

Posted in Uncategorized | Tagged , , , , , , , | Leave a comment

Competing on Privacy in the Tower of Babel

In recent months, there’s been much talk about the idea of companies competing on privacy. In theory, this sounds great. Consumers can make choices based on their privacy preferences, and the marketplace will respond. In practice, there are some significant … Continue reading

Posted in Uncategorized | 1 Comment

Building the Future of Identity Privacy

On Data Privacy Day, the NSTIC National Program Office is taking some time to reflect on our own efforts to improve privacy online. Fulfilling the promise of enhanced privacy is a critical element of building trusted interaction online. The first of the Strategy’s guiding principles, finding new solutions that are privacy-enhancing and voluntary has been a key driver of pilot project selection and the NPO’s work to drive innovative approaches to online identity. One of the primary methods for improving privacy we have been encouraging is the use of privacy-enhancing technologies (PETs) – a topic I will be discussing at the upcoming RSA Conference, in a P2P session – Privacy-enhancing Technologies: Pipe Dream or Unfulfilled Promise? Continue reading

Posted in Uncategorized | Leave a comment

Does That Cloud Look Like A Pig? Putting the Fed in Federation: Part II

Back in February, if you read our post on Putting the Fed in Federation: The U.S. Government as Early Adopter of the Identity Ecosystem and thought “when pigs fly,” you probably weren’t alone. But with the announcement that the United States Postal Service (USPS) has awarded SecureKey Technologies with a contract to stand up the Federal Cloud Credential Exchange (FCCX), you might just want to keep your eye on the horizon. Continue reading

Posted in Uncategorized | 1 Comment

Putting the Fed in Federation: The U.S. Government as Early Adopter of the Identity Ecosystem

At the NSTIC National Program Office (NPO), we have a three-prong plan for transforming the National Strategy for Trusted Identities in Cyberspace (NSTIC) from paper to reality. Initiate a steering group of all stakeholders to govern the Identity Ecosystem. Check. … Continue reading

Posted in Uncategorized | 2 Comments