NIST Privacy Framework Update Includes Recent Cybersecurity Guidelines

The National Institute of Standards and Technology (NIST) has published a draft update to its Privacy Framework that incorporates the most recent cybersecurity rules and strategies. The NIST Privacy Framework is a tool for enhancing privacy through business risk management. It is a voluntary program that gives companies a set of methods to follow to improve how they safeguard personal information. First published in January 2020, the framework is patterned on and designed to fit the NIST Cybersecurity Framework (CSF). Although HIPAA-covered companies can follow the NIST CSF to improve their security posture, implementing the NIST CSF will not always address all privacy issues.

The NIST Privacy Framework is split into three tiers: Core, Profiles, and Implementation.

  • Core Tier deals with privacy and safety activities
  • Profiles Tier is used to identify which Core activities must be followed to accomplish privacy objectives most efficiently
  • Implementation Tier is used to improve the resources for handling privacy issues

Five years have passed since the first release of the Privacy Framework. An update is necessary to enhance usability, ascertain whether the framework handles present privacy problems, and maintain alignment with the newly updated NIST CSF.

Although the Privacy Framework may be used by itself without implementing the NIST CSF, the two share a similar high-level structure, so they can readily be used together to handle privacy and cybersecurity threats. The NIST Privacy Framework version 1.1 has Core activities that align with the NIST CSF 2.0 Core activities launched in February 2024. Important improvements include Govern and Protect Functions that align better with CSF 2.0.

Version 1.1 was also updated to cover the privacy risks related to AI and chatbot applications, which weren’t widely available at the time of the first release of the Privacy Framework. Other changes include moving the usage guidelines from Section 3 online. The web content is organized as an interactive Frequently Asked Questions page to enhance usability and help users get answers faster. By shifting to an online version, NIST can make changes promptly later and respond to user needs.

NIST is inviting the general public to review the draft update and send comments and suggestions. Comments about the draft version can be submitted on or before June 13, 2025. NIST will consider the responses before publishing a final updated framework by the end of the year.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on Twitter at https://twitter.com/ElizabethHzone