In an ongoing effort to provide practical and actionable guidance to help organizations manage growing cybersecurity risks, NIST has released a draft ransomware risk management profile. The Cybersecurity Framework Profile for Ransomware Risk Management, Draft NISTIR 8374, is now open for comment through October 8, 2021.
The draft profile, prepared by the National Cybersecurity Center of Excellence (NCCoE), identifies security objectives from the NIST Cybersecurity Framework that can help prevent, respond to, and recover from ransomware events. It can be used as a guide to managing risk—including helping gauge an organization’s readiness to mitigate ransomware threats and react to potential impacts. The profile addresses issues that were raised in public comments on a preliminary draft released in June.