Good morning, all,
NIST has published its recommendations for protecting PII in government information in SP 800-122. Interestingly, NIST asserts outright that these guidelines do not apply to national security systems, but perhaps that is a discussion for another day. Nonetheless, at first glance, these guidelines are pretty high-level and common sense, based on a risk management kind of approach. But at least this is a stake in the ground that gives federal organizations some framework from which to work.
I found it a quizzical coincidence that news of this release hit the wire right about when John Kerry (D-MA) proposed a bill to add an "ambassador-at-large" within the purview of the State Department to address cyberspace.
Here's the link: http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
Thanks and happy musing,