U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

NISTIR 8374 (Draft)

Cybersecurity Framework Profile for Ransomware Risk Management (Preliminary Draft)

Date Published: June 2021
Comments Due: July 9, 2021 (public comment period is CLOSED)
Email Questions to: ransomware@nist.gov


William Barker (Dakota Consulting), Karen Scarfone (Scarfone Cybersecurity), William Fisher (NIST), Murugiah Souppaya (NIST)


Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware can disrupt or halt organizations’ operations. This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization's level of readiness to mitigate ransomware threats and to react to the potential impact of events.

NOTE: NIST is adopting an agile and iterative methodology to publish this content, making it available as soon as possible, rather than delaying its release until all the elements are completed. NISTIR 8374 will have at least one additional public comment period before final publication.

For additional information, visit our Ransomware Protection and Response page.



Cybersecurity Framework; detect; identify; protect; ransomware; recover; respond; risk; security
Control Families

None selected


Preliminary Draft NISTIR 8374

Supplemental Material:
None available

Document History:
06/09/21: NISTIR 8374 (Draft)
09/08/21: NISTIR 8374 (Draft)


Security and Privacy

cybersecurity framework