Information Technology Laboratory (ITL) National Vulnerability Database (NVD) Announcement and Discussion Lists General Questions & Webmaster Contact Email:nvd@nist.gov Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions:

Appendix J was first included in the fourth, and most recent, version of SP 800-53, the guidance covering security and privacy controls for federal information systems and organizations. Sep 08, 2016 · Appendix J was first included in the fourth, and most recent, version of SP 800-53, the guidance covering security and privacy controls for federal information systems and organizations. At a Sept. 8 NIST workshop, privacy experts gathered to discuss what changes should be made to the privacy controls in the next version of publication. The appendix, when completed, will provide a complete set of assessment procedures for the privacy controls in NIST Special Publication 800-53, Appendix J. The new privacy control assessment procedures are under development and will be added to the appendix after a thorough public review and vetting process. However, as stated in footnote 119 in Appendix J, “the privacy controls in this appendix apply regardless of the definition of PII by organizations.” 8 Collection, use, retention, disclosure, and disposal of PII.

Information Technology Laboratory (ITL) National Vulnerability Database (NVD) Announcement and Discussion Lists General Questions & Webmaster Contact Email:nvd@nist.gov Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions:

…the information security office. (pg. J-4) NIST 800-53 Rev. 4 Appendix J • SAOPs are responsible for the implementation of Appendix J. •SAOPs may consult with CISOs, but the authority for the selection/ assessment of privacy controls rests with SAOP. •SAOP makes determination which controls may be considered “common controls.” • Information Technology Laboratory (ITL) National Vulnerability Database (NVD) Announcement and Discussion Lists General Questions & Webmaster Contact Email:nvd@nist.gov Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions: Feb 28, 2020 · National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4, Appendix J provides a vehicle that identifies deficiencies in an agency’s privacy policies in compliance with existing privacy and information security laws and introduces privacy protection throughout the lifecycle of an information system program and project.

Information Technology Laboratory (ITL) National Vulnerability Database (NVD) Announcement and Discussion Lists General Questions & Webmaster Contact Email:nvd@nist.gov Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions:

…the information security office. (pg. J-4) NIST 800-53 Rev. 4 Appendix J • SAOPs are responsible for the implementation of Appendix J. •SAOPs may consult with CISOs, but the authority for the selection/ assessment of privacy controls rests with SAOP. •SAOP makes determination which controls may be considered “common controls.” • Information Technology Laboratory (ITL) National Vulnerability Database (NVD) Announcement and Discussion Lists General Questions & Webmaster Contact Email:nvd@nist.gov Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions: Feb 28, 2020 · National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4, Appendix J provides a vehicle that identifies deficiencies in an agency’s privacy policies in compliance with existing privacy and information security laws and introduces privacy protection throughout the lifecycle of an information system program and project. Information Technology Laboratory (ITL) National Vulnerability Database (NVD) Announcement and Discussion Lists General Questions & Webmaster Contact Email:nvd@nist.gov Incident Response Assistance and Non-NVD Related Technical Cyber Security Questions: Sep 08, 2016 · The National Institute of Standards and Technology (NIST) and the Department of Transportation (DOT) will co-host a public workshop to gather input on the privacy controls in Appendix J of NIST Special Publication 800-53, Revision 4. The workshop will explore the effectiveness and challenges of applying the current privacy controls in 800-53