NIST is now specifically writing an appendix to 800-53 just for the protection of PII.
1. This is news because of the targeting of government contractors by anti-sec groups.
2. NIST special publication standards typically find their way into state legislation, other standards bodies, and contractual language.
3. NIST is thorough and is hard to challenge from a control effectiveness or "getting it" standpoint.
4. The need for and mandatory protection of PII is real. I expect national legislation on the subject in the next few years a la SOX or HIPAA. (no arguing about effectiveness please)
I am re-reading the appendix now (it's only 20 pages) and will try to post a summary soon.
Link to Appendix J of NIST SP 800-53 is here: http://csrc.nist.gov/publications/drafts/800-53-Appdendix-J/IPDraft_800-53-privacy-appendix-J.pdf
FYI: if you work in infosec and don't know 800-53 you need to. It's a comprehensive set of controls that many regulations, contracts, and standards (such as PCI) use as their source material.
Thanks to +Jason Oliver for pointing out that my attempt at brevity led to a confusing message.