Adapting GDPR Requirements to Meet NIST 800-53 Rev. 5 (D21b)
GDPR is the latest compliance requirement going into effect (as of May 2018) that will be a game-changer for all businesses harvesting or interacting with data originating in the European Union. Currently, GDPR is considered the gold standard in breach readiness and reporting, and companies are looking to adapt their compliance strategies to meet this regulation. The speaker will address the mapping of GDPR requirements to NIST 800-53 Rev. 5. The latest NIST draft represents an ongoing effort to produce a unified information security framework for the federal government, but this version broadens the focus to address how all kinds of organizations can maintain security and privacy in their interconnected systems. Revision 5 takes the guidance in new directions—addressing the next-generation catalog of controls that can also be applied to secure the Internet of Things, AI, and connected devices. The speaker will discuss how the NIST controls can be applied as security and privacy safeguards—both technical and procedural—to protect systems, organizations, and individuals. Maria will discuss the mapping of many of the GDPR requirements to the NIST framework, with a particular emphasis on interconnected, IoT and AI-enabled organizations.