Which SP standard covers Protecting PII?

Multiple Choice

Which SP standard covers Protecting PII?

Explanation:
Protecting PII is the focus of a dedicated guide that lays out how to safeguard personally identifiable information throughout its lifecycle. NIST SP 800-122 explains what PII is, where it can reside, and what safeguards are needed to keep it confidential. It covers practical steps such as classifying PII by sensitivity, applying access controls, using encryption where appropriate, minimizing data collection, controlling how PII is stored and transmitted, and ensuring proper disposal when no longer needed. The guidance emphasizes tailoring protections to the level of risk and sensitivity of the data, with concrete controls and procedures to implement in federal systems.

While SP 800-53 provides a broad catalog of security and privacy controls for information systems, it isn’t focused specifically on PII. SP 800-60 deals with mapping information types to security categories to determine impact levels, not with prescriptive PII protection measures. SP 800-70 covers security configuration baselines and checklists for IT products and systems, rather than PII protection guidance.
