In an ongoing effort to provide practical and actionable guidance
to help organizations manage growing cybersecurity risks, NIST has released a
draft ransomware risk management profile. The Cybersecurity Framework Profile for Ransomware Risk Management, Draft NISTIR 8374, is now open for comment
through October 8, 2021.
The draft profile, prepared by the National Cybersecurity Center
of Excellence (NCCoE), identifies security objectives from
the NIST Cybersecurity Framework that can help prevent, respond to, and recover
from ransomware events. It can be used as a guide to managing risk—including
helping gauge an organization’s readiness to mitigate ransomware threats and
react to potential impacts. The profile addresses issues that were raised in
public comments on a preliminary draft released in June.