nist-pf-identify
Installation
SKILL.md
NIST Privacy Framework — IDENTIFY Function
Overview
The IDENTIFY function in the NIST Privacy Framework (Version 1.0, January 2020) enables organizations to develop organizational understanding of privacy risk arising from data processing. This skill covers all four subcategories: Business Environment (ID.BE), Data Actions (ID.DA), Improvement (ID.IM), and Risk Assessment (ID.RA).
IDENTIFY Function Subcategories
ID.BE — Business Environment
Understanding the organization's mission, objectives, stakeholders, and activities to prioritize privacy risk management decisions.
| Subcategory | Description | Implementation Guidance |
|---|---|---|
| ID.BE-P1 | The organization's role(s) in the data processing ecosystem are identified and communicated | Document whether the organization acts as data controller, processor, or both. Map all data flows identifying organizational role at each stage. |
| ID.BE-P2 | Priorities for organizational mission, objectives, and activities are established and communicated | Align privacy objectives with business strategy. Ensure executive leadership endorses privacy as a business priority. |
| ID.BE-P3 | Systems/products/services that process data are identified and prioritized | Maintain an inventory of all systems processing personal data. Classify by risk tier based on data sensitivity and volume. |