NIST SP 800-122
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Data Subject Rights
| Code | Title |
|---|---|
| NISTSP122-3 | PII Data Subject Rights and Automated Decision-Making |
Governance and Continuous Monitoring
| Code | Title |
|---|---|
| NISTSP122-8 | Continuous Monitoring, Training, and Privacy Programme Governance |
Incident Response
| Code | Title |
|---|---|
| NISTSP122-6 | PII Breach Response and Incident Handling |
Minimisation and De-Identification
| Code | Title |
|---|---|
| NISTSP122-4 | PII Minimisation, Purpose Limitation, and Pseudonymisation |
Notice and Consent
| Code | Title |
|---|---|
| NISTSP122-2 | PII Privacy Notice, Consent, and Lawful Processing |
Scope and PIA
| Code | Title |
|---|---|
| NISTSP122-1 | Scope, PII Definition, and PII Confidentiality Impact Analysis |
Security Controls
| Code | Title |
|---|---|
| NISTSP122-5 | PII Security Controls - Encryption, Access Control, Storage, Audit |
Sharing and Transfers
| Code | Title |
|---|---|
| NISTSP122-7 | PII Sharing, Cross-Border Transfers, and Third-Party Agreements |
Your Compliance Coverage
If you comply with NIST SP 800-122, you already cover:
South Korea PIPA
75%
6 controls mapped
Compare →Turkey KVKK
75%
6 controls mapped
Compare →Privacy Act 1988 (Australia)
75%
6 controls mapped
Compare →+ 133 more: Pakistan Personal Data Protection Bill 2023 (75%), Bahrain PDPL (75%)
See all 136 mapped frameworks ↓Maps to 136 other frameworks
Frequently Asked Questions
What is NIST SP 800-122?
NIST SP 800-122 is a compliance framework from United States with 8 domains and 8 controls. Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NIST SP 800-122 have?
NIST SP 800-122 has 8 controls organised across 8 domains. The largest domains are Data Subject Rights (1 controls), Governance and Continuous Monitoring (1 controls), Incident Response (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NIST SP 800-122 map to?
NIST SP 800-122 maps to 136 other compliance frameworks. The top mapping partners are South Korea PIPA (75% coverage), Turkey KVKK (75% coverage), Privacy Act 1988 (Australia) (75% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NIST SP 800-122 compliance?
Start your NIST SP 800-122 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-122 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required