Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Current Status

This project is currently seeking technology vendors to participate in the development of an example solution. Please see our Federal Register notice for more information. After reviewing the notice, if you as a technology provider are interested in providing products and technical expertise as a collaborator on the reference design for this project, please send an email to di-nccoe@nist.gov requesting a Letter of Interest template.

Download the Detecting and Responding to Ransomware and Other Destructive Events Project Description for more information on this project.

Summary

The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project that could help organizations detect and respond to data integrity events across multiple industries. This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help various organizations implement stronger security controls.

Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to an organization’s infrastructure. Database records and structure, system files, configurations, user files, application code, and customer data are all at risk should an attack occur. 

Organizations that do not implement detection and response solutions leave themselves at risk for many types of data integrity attacks. These risks could be reduced using capabilities such as:

  • integrity monitoring
  • event detection
  • vulnerability management
  • reporting capabilities
  • mitigation and containment

This project focuses on detailed methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It will also identify tools and strategies to aid in a security team’s response to such an event. The scope of the project will answer specific questions pertaining to detecting and responding to data integrity events. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.