U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Final Ransomware Risk Management Cybersecurity Framework Profile & Quick Start Guide Released Today!
February 24, 2022

ransomware graphic

 

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This serious cybersecurity challenge is becoming more widespread.

To help address this challenge, NIST is releasing two guides:

The final Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374) incorporates feedback from earlier drafts and is based on the broader Cybersecurity Framework Version 1.1. It can be used as a guide to manage the risk of ransomware events—which includes helping to gauge an organization's level of readiness to counter ransomware threats and to deal with the potential consequences of events.

NIST has also developed a companion quick start guide, Getting Started with Cybersecurity Risk Management: Ransomware, designed for organizations—including those with limited resources to address cybersecurity challenges—to easily understand the advice given in the Profile and to get guidance on what they can begin implementing today. It’s important to recognize that you don’t need to do everything all at once…getting started is the key!

Questions? Email us at ransomware@nist.gov.  

Related Topics

Security and Privacy: malware

Applications: cybersecurity framework

Created February 23, 2022, Updated March 08, 2022