Draft NIST Practice Guide on Data Classification Practices

National Institute of Standards and Technology (NIST) sent this bulletin at 02/12/2026 11:19 AM EST
NIST

View As Web Page
Header

National Cybersecurity Center of Excellence
We want your feedback! Data Classification Publication

New NIST Draft Available: Discover, Identify, and Label Unstructured Sensitive Data

Today, the NCCoE released guidelines for data classification practices based on collaboration with industry to demonstrate practical approaches for data classification using commercially available technology.

Published as NIST Special Publication (SP) 1800-39, Data Classification Practices, these guidelines show how organizations can use data classification tools to discover, identify, and label sensitive unstructured data. The public comment period for this publication is open through March 30, 2026.

Background

Protecting sensitive data, such as personal information like social security numbers and biometric data, requires organizations to understand where its sensitive data resides. Organizations’ sensitive data may be unstructured and can be found in various systems, including data lakes, file repositories, and emails. Since data is so vast and ubiquitous, organizations need a shared understanding of what their data assets are to identify and protect them.

This publication demonstrates how organizations can apply data classification practices to discover, identify, and label sensitive unstructured data using commercially available data classification technology. Implementing effective data classification practices is an initial step for organizations looking to leverage advanced security measures, including Zero Trust Architecture, quantum-safe cryptography, and secure AI model training.

We Want Your Feedback!

This draft publication is open for public comment through March 30, 2026. We encourage you to visit our project page for more details and instructions to submit comments. We appreciate your feedback to inform the NCCoE’s work to accelerate the adoption of secure technologies.

Want to stay up to date on this project? Join the NCCoE Data Classification Practices Community of Interest (COI) to receive project updates and join in on opportunities to share your feedback with the project team.

Comment Now

NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: data-nccoe@nist.gov
NCCoE Website questions: nccoe@nist.gov