Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST CSWP 17 (Initial Public Draft)

Securing Data Integrity Against Ransomware Attacks: Using the NIST Cybersecurity Framework and NIST Cybersecurity Practice Guides

Date Published: October 1, 2020
Comments Due: November 13, 2020 (public comment period is CLOSED)
Email Questions to:


Jennifer Cawthra (NIST), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), Julian Sexton (MITRE), John Sweetnam (MITRE), Anne Townsend (MITRE)


The National Cybersecurity Center of Excellence (NCCoE) at NIST is actively engaged in helping organizations address the challenge of ransomware and other data integrity events through the Data Integrity projects. These projects help organizations implement technical capabilities that address data integrity issues. The objective of this document is to provide an overview of these Data Integrity projects, provide a high-level explanation of the architecture and capabilities, and explain how these projects can be brought together into one comprehensive data integrity solution.

We encourage you to submit comments either by email or by using the online comment submission form.



data integrity; data security; malware; ransomware; security architecture
Control Families

System and Information Integrity


Download URL

Supplemental Material:
Local Download (pdf)
Project homepage

Related NIST Publications:
SP 1800-11
SP 1800-25 (Draft)
SP 1800-26 (Draft)

Document History:
10/01/20: CSWP 17 (Draft)


Security and Privacy

general security & privacy, threats


cybersecurity framework