The NCCoE has released the final NIST Cybersecurity Special Publication (SP) 1800-26, Detecting and Responding to Ransomware and Other Destructive Events. For ease of use, the final guide is available to download or read in volumes.
The process to mitigate an active attack on an organization’s data integrity requires use of strong, effective tools. Detection of a data integrity attack involves identification of its source, the affected systems, and sufficient data collection to allow for impact analysis. Once detected, swift response to a threat is critical to mitigate the need for recovery action after an event occurs.
The NCCoE is addressing the challenge of detecting and responding to malware and other damaging attacks by collaborating with industry and the information technology (IT) community, including cybersecurity solution vendors.
The NCCoE developed and implemented a solution that incorporates multiple systems working in concert to detect an ongoing data integrity cybersecurity event. Additionally, the solution provides guidance on how to respond to the detected event. Addressing these functions together enables organizations to have the necessary tools to act during a data integrity attack.
Cyber threats are not abating; rather, they are increasing and becoming more complex, pervasive, and damaging. Organizations that lack detection and response solutions are highly vulnerable to data integrity events.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.
A white paper provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. This paper offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution.