The National Cybersecurity Center of Excellence (NCCoE) has published an initial public draft of NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile. Organizations at home and abroad use NIST IR 8374 to guard against ransomware. We are seeking your feedback on the publication’s contents and the future direction of NIST’s ransomware guidance.
NIST IR 8374 reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. Ransomware can attack organizations of all sizes from any sector. You can use this publication to gauge your organization’s readiness to counter ransomware threats, mitigate potential consequences of a ransomware event, and to develop a ransomware countermeasure playbook.
The public comment period is open now until March 14, 2025. Please send your feedback about this initial public draft and what content would be most valuable in future NIST ransomware guidance to ransomware@nist.gov.