Jonathan Alboum, CTO of Public Sector at Veritas discusses upcoming changes to the NIST framework, and why it will place a greater emphasis on privacy than the first version.
The National Institute of Standards and Technology is updating its Risk Management Framework. Aiming for a November release date, the second version of the RMF focuses more on protecting data and privacy. Jonathan Alboum, CTO of Public Sector at Veritas, said that these have become major issues for the government in recent months. “Privacy is on all of our minds. So the integration of privacy controls into the next version of the RMF, I don’t think is surprising,” said Alboum. There are some fundamental ideas around privacy that will make it in some form or fashion. We need to protect personally identifiable information. We need to have good controls around how we share it and who we share it with. More fundamentally, you have to be able to find that information in your organization. Data has exploded in every organization in the world, let alone the government. When you have lots of copies of data and you’re storing it in different clouds or on-premise, it is difficult to know what information you have. You have to be able to make it visible, and once you make it visible, you can classify it.”