MITRE’s Privacy Engineering Tools and Their Use in a Privacy Assessment FrameworkNovember 2019
Topics: Information Privacy, Systems Engineering, Cybersecurity, Information Security, Identity and Access Management
NOTE: MITRE's Privacy Engineering Tools are available using the links below.
Organizations collect and use personally identifiable information (PII) about individuals for many uses, including to provide services and benefits. Many organizations have not fully integrated privacy into their systems engineering processes. Privacy engineering, a systematic, risk-driven process, helps ensure that privacy is addressed from the very beginning as systems are developed.
Organizations face severe consequences for not protecting privacy. Some of the scenarios include: reduced organizational effectiveness; curtailment of some programs; a negative impact on people whose PII has been collected, including identity theft; large costs for recovery from privacy incidents; and loss of credibility, confidence, and trust in the organization from affected individuals, the public, and stakeholders.
Privacy engineering focuses on methods and standards, technical elements of information infrastructure, and individuals and collectors. Members of MITRE’s Privacy Engineering Capability review organizations’ capabilities and identify how they can integrate privacy into systems engineering processes and documentation.
MITRE has been working for over two decades to develop multiple resources that weave privacy risk management into the enterprise and its systems. MITRE’s Privacy Engineering Capability has created a suite of privacy engineering tools for use by privacy professionals in their privacy engineering work to help organizations advance the state of privacy.
The MITRE privacy engineering tools can be used individually or together:
- MITRE Privacy Continuous Monitoring Framework
- MITRE Privacy Engineering Framework
- MITRE Privacy Maturity Model
- MITRE Generic System Privacy Requirements and Tests
For more information about how to use these tools, please download the attached guidance document.
For questions or comments on the tools, assistance with their use, or to obtain Word or PowerPoint versions of the tools, contact firstname.lastname@example.org.