Securing Data Integrity Against Ransomware Attacks: Using the NIST Cybersecurity Framework and NIST Cybersecurity Practice Guides (Draft)

Cawthra, Jennifer; Ekstrom, Michael; Lusty, Lauren; Sexton, Julian; Sweetnam, John; Townsend, Anne

doi:https://doi.org/10.6028/NIST.CSWP.17.ipd

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov. [12:20 pm ET - If you received "Page Not Found" errors recently, please retry accessing those files. File synchronization should now be complete.]

NIST CSWP 17 (Initial Public Draft)

Securing Data Integrity Against Ransomware Attacks: Using the NIST Cybersecurity Framework and NIST Cybersecurity Practice Guides

Documentation Topics

Date Published: October 1, 2020
Comments Due: November 13, 2020 (public comment period is CLOSED)
Email Questions to: ds-nccoe@nist.gov

Author(s)

Jennifer Cawthra (NIST), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), Julian Sexton (MITRE), John Sweetnam (MITRE), Anne Townsend (MITRE)

Announcement

The National Cybersecurity Center of Excellence (NCCoE) at NIST is actively engaged in helping organizations address the challenge of ransomware and other data integrity events through the Data Integrity projects. These projects help organizations implement technical capabilities that address data integrity issues. The objective of this document is to provide an overview of these Data Integrity projects, provide a high-level explanation of the architecture and capabilities, and explain how these projects can be brought together into one comprehensive data integrity solution.

We encourage you to submit comments either by email or by using the online comment submission form.

Abstract

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is actively engaged in helping organizations address the challenge of ransomware and other data integrity events through the Data Integrity projects. These projects help organizations implement technical capabilities that address data integrity issues. The objective of this document is to provide an overview of these Data Integrity projects; provide a high-level explanation of the architecture and capabilities; and explain how these projects can be brought together into one comprehensive data integrity solution.

Keywords

data integrity; data security; malware; ransomware; security architecture

Control Families

System and Information Integrity

Documentation

Publication:
https://doi.org/10.6028/NIST.CSWP.17.ipd
Download URL

Supplemental Material:
Local Download (pdf)
Project homepage

Related NIST Publications:
SP 1800-11
SP 1800-25 (Draft)
SP 1800-26 (Draft)

Document History:
10/01/20: CSWP 17 (Draft)

Topics

Security and Privacy

general security & privacy, threats

Applications

cybersecurity framework