Upon review, we recognize that this NIST/NCCoE publication contains potentially biased terminology. As new publications are developed, they will follow NIST’s inclusive language guidance.
Data Integrity: Recovering from Ransomware and Other Destructive Events
Constant threats of destructive malware, ransomware, malicious insider activity, and even honest mistakes create the imperative for organizations to be able to quickly recover from an event that alters or destroys data. Businesses must be confident that recovered data is accurate, complete, and free of malware.
Demonstrating methods for organizations to be able to quickly recover from an event that alters or destroys data
Project Abstract
The NCCoE is helping enterprises ensure the integrity of their data through collaborative efforts with industry and the Information Technology (IT) community, including vendors of cybersecurity solutions.
Multiple systems need to work together to prevent, detect, alert on, and recover from events that corrupt data. This project explores methods to effectively recover operating systems, databases, user files, applications, and software/system configurations. It also explores issues with auditing and reporting (user activity monitoring, file system monitoring, database monitoring, and rapid recovery solutions) to support recovery and investigations. To address real-world business challenges related to data integrity, the example solution is composed of open-source and commercially available components.
Organizations must be able to quickly recover from a data integrity attack and trust that any recovered data is accurate, complete, and free of malware.
Supplemental Resources
A white paper that provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. This paper offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution.
Collaborating Vendors
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.