Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Project Description (Initial Public Draft)

Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Date Published: November 2017
Comments Due: December 12, 2017 (public comment period is CLOSED)
Email Questions to:


Timothy McBride (NIST), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), Julian Sexton (MITRE), Anne Townsend (MITRE)


This project from the National Cybersecurity Center of Excellence (NCCoE) will detail methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It will also identify tools and strategies to aid in a security team’s response to such an event. The project will result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:

  • monitor integrity;
  • logging and data correlation;
  • manage vulnerabilities; and
  • report unauthorized or malicious activity.



data integrity; malware; ransomware; attack vector; malicious actor; malware detection; malware response
Control Families

Access Control; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Program Management; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity