Data Security

Data security is the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy. Before an incident happens, companies must have a security architecture and response plan in place. Once an incident occurs, they must be able to detect the event and respond accordingly. After the incident, the company must be able to recover effectively and efficiently.

NIST’s National Cybersecurity Center of Excellence is actively working with industry experts and technology vendors to address the most pressing data security challenges. These efforts result in practical, standards-based guidance that organizations can implement in part or full to meet their security and privacy needs.

Security Guidance

A Look Inside the NCCoE's Data Security Lab

Step inside the NIST National Cybersecurity Center of Excellence (NCCoE) Data Security Lab and learn more about how we’re working to protect enterprise systems from ransomware, data breaches, and other threats.

Protecting Your Small Business: Ransomware

In this animated story, two professionals discuss ransomware attacks and the impacts it can have on small businesses. Since ransomware is a common threat for small businesses, this video provides an example of how ransomware attacks can happen—along with how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website.

Supplemental Resources

The final version of NISTIR 8374 Ransomware Risk Management: A Cybersecurity Framework Profile has been released. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events.

Securing Data Integrity Against Ransomware Attacks: Using the NIST Cybersecurity Framework and NIST Cybersecurity Practice Guides

A white paper that provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. This paper offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution. You can also view the recording of our Virtual Workshop on Preventing and Recovering from Ransomware and Other Destructive Cyber Events.

View the paper Get involved with our ransomware guidance
Metal arrow pointing upward

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself

First & Last Name