Final Ransomware Risk Management Cybersecurity Framework Profile & Quick
Start Guide Released Today!
organization’s data and demand payment to restore access. In some instances,
attackers may also steal an organization’s information and demand an additional
payment in return for not disclosing the information to authorities,
competitors, or the public. This serious cybersecurity challenge is becoming
To help address this challenge, NIST is releasing two guides:
The final Ransomware Risk Management: A Cybersecurity Framework
Profile (NISTIR 8374) incorporates feedback from earlier drafts and
is based on the broader Cybersecurity
Framework Version 1.1. It can be used as a guide to manage the risk of
ransomware events—which includes helping to gauge an organization’s level of
readiness to counter ransomware threats and to deal with the potential
consequences of events.
NIST has also developed a companion quick start guide
called ‘Getting Started with Cybersecurity Risk
Management: Ransomware’ designed for organizations—including those
with limited resources to address cybersecurity challenges—to easily understand
the advice given in the Profile and to get guidance on what they can begin
implementing today. It’s important to recognize that you don’t need to do
everything all at once…getting started is the key!