The NCCoE has released the final version of the NIST Cybersecurity Practice Guide SP 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events. For ease of use, the guide is available in volumes.
The NCCoE is helping enterprises ensure the integrity of their data through collaborative efforts with industry and the Information Technology (IT) community, including vendors of cybersecurity solutions.
Multiple systems need to work together to prevent, detect, alert, and recover from events that corrupt data. This project explores methods to effectively recover operating systems, databases, user files, applications, and software/system configurations. It also explores issues with auditing and reporting (user activity monitoring, file system monitoring, database monitoring, and rapid recovery solutions) to support recovery and investigations. To address real-world business challenges related to data integrity, the example solution is composed of open-source and commercially available components.
Organizations must be able to quickly recover from a data integrity attack and trust that any recovered data is accurate, complete, and free of malware.
A white paper that provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. This paper offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.