Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Ransomware Risk Management: CSF 2.0 Community Profile | Draft NIST IR 8374r1 Available for Comment
January 13, 2025

The National Cybersecurity Center of Excellence (NCCoE) has published an initial public draft of NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile. Organizations at home and abroad use NIST IR 8374 to guard against ransomware. We are seeking your feedback on the publication’s contents and the future direction of NIST’s ransomware guidance.

NIST IR 8374 reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. Ransomware can attack organizations of all sizes from any sector. You can use this publication to gauge your organization’s readiness to counter ransomware threats, mitigate potential consequences of a ransomware event, and to develop a ransomware countermeasure playbook.

The public comment period is open now until March 14, 2025. Please send your feedback about this initial public draft and what content would be most valuable in future NIST ransomware guidance to ransomware@nist.gov.

Related Topics

Security and Privacy: ransomware

Applications: cybersecurity framework

Created January 10, 2025, Updated January 13, 2025