The National Cybersecurity Center of Excellence (NCCoE) has released a new draft project description, Data Classification Practices: Facilitating Data-Centric Security. Publication of this project description begins a process to further identify project requirements, scope, and hardware and software components for use in a laboratory environment.
The NCCoE will solicit participation from industry to develop an approach for defining data classifications and data handling rulesets and for communicating them to others. In addition, this project will attempt a basic proof-of-concept implementation that will include limited data discovery, analysis, classification, and labeling capabilities, as well as a rudimentary method for expressing how data with a particular label should be handled for each use case scenario. This project will result in practice guides and other publications to encourage increased standardization and adoption of data classification methods.
The public comment period for this draft is open through June 21, 2021. See the publication details for a copy of the draft and instructions for submitting comments.
You can also help shape and contribute to this project. Join the Community of Interest by sending an email to data-nccoe@nist.gov.
Security and Privacy: general security & privacy, zero trust