Training TR2 – New Appendix in NIST SP 800-53 Revision 4: Privacy Controls

Julie McEwen, MITRE Corporation

Wednesday, 13:30-15:00

Special Publication 800-53, Appendix J, Privacy Control Catalog, addresses privacy with respect to personally identifiable information and specifies privacy and security controls for information systems that process, store, and transmit personally identifiable information. The Privacy Control Catalog is a new addition to SP 800-53, Revision 4, projected for release in December 2011. The objectives of the Privacy Appendix are:

  • Provide a structured set of privacy controls;
  • Establish a linkage and relationship between privacy and security controls;
  • Demonstrate the applicability of the NIST Risk Management Framework in the selection, implementation, assessment, and monitoring of privacy controls; and
  • Promote closer cooperation between privacy and security officials.

Prerequisites

None

About the Instructor

Julie S. McEwen, CIPP/G, CIPP, CISSP, is a Principal Information Privacy and Cybersecurity Engineer and leads the privacy capability at the Cybersecurity and Privacy Technical Center at The MITRE Corporation. Prior to joining MITRE, Ms. McEwen managed privacy and cybersecurity programs and advised organizations on privacy and cybersecurity policy and technology issues while at the U.S. Department of Defense, Deloitte, IIT Research Institute, the Logistics Management Institute, and T. Rowe Price. She has over 25 years of experience in privacy and cybersecurity, and the U.S. federal agencies and departments that she has supported include the Departments of Defense, Justice, Treasury, Homeland Security, and Health and Human Services as well as the Census Bureau and U.S. House of Representatives. Ms. McEwen is co-editor of U.S. Government Privacy: Essential Policies and Practices for Privacy Professionals [International Association of Privacy Professionals (IAPP), 2009]. She has served as one of the lead faculty for the IAPP's U.S. Government Privacy Training Program since 2006, and is a member of the IAPP CIPP/G Certification Advisory Board.