Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

Current Status

This project is currently seeking technology vendors to participate in the development of an example solution. Please see our Federal Register notice for more information. After reviewing the notice, if you as a technology provider are interested in providing products and technical expertise as a collaborator on the reference design for this project, please send an email to requesting a Letter of Interest template.

Download the Identifying and Protecting Assets Against Ransomware and Other Destructive Events Project Description for more information on this project. 


The National Cybersecurity Center of Excellence (NCCoE) at NIST is proposing a project that could help organizations identify and protect their assets from data integrity attacks across multiple industries. This project will include the development of a reference design and use commercially available technologies to develop an example solution that will help various organizations implement stronger security controls.

Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to an organization’s infrastructure. Database records, system files, configurations, user files, applications, and customer data are all at risk should an attack occur. 

Organizations that do not implement identification and protection solutions leave themselves at risk for many types of data integrity attacks. These risks could be reduced using capabilities such as:

  • secure storage
  • backup capabilities for databases, VMs, and file systems
  • log collection
  • asset inventory
  • file integrity checking mechanisms

This project focuses on methods to effectively identify assets that may become targets of data integrity attacks. It will also explore methods to protect these assets against data integrity attacks through the use of audit logs, vulnerability management, maintenance, and other potential solutions. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Join Our Community of Interest

Interested in joining the Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

News and Events