NIST Introduces NISTIR 8374 to Tackle Ransomware Risk Management

On June 9^th, 2021, the National Institute of Standards and Technology (NIST) released its preliminary draft for the Cybersecurity Framework Profile for Ransomware Risk Management (NISTIR 8374), a new ransomware risk management framework.

This framework allows organizations to assess their ransomware readiness and protections through a defined control framework. The framework utilizes NIST’s already popular Cybersecurity Framework (CSF) as a base to leverage its control existing mappings. The full NISTIR 8374 draft is available at csrc.nist.gov/CSRC/media/Publications/nistir/draft/documents/NIST.IR.8374-preliminary-draft.pdf and the abstract reads:

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization's level of readiness to counter ransomware threats and to deal with the potential consequences of events.

For those that have not used the CSF prior, the CSF focuses on 5 categories (Identify, Protect, Detect, Respond, and Recover) which under them contain numerous subcategories.  These subcategories are then mapped to specific controls under various frameworks such as NIST 800-53, COBIT 5, ISO, CIS CSC and ISA.  By leveraging this existing control framework, NIST utilized the existing control mapping to both NIST 800-53 and ISO 27001 and then selected specific controls from each of these that focus on policy and processes related to ransomware prevention and incident response.  An organization wanting to assess its capabilities would then focus on either the NIST 800-53 or ISO defined controls, based on their internal selected control framework.

NIST is currently seeking public feedback on the framework up to July 9^th, 2021, from which they will review and potentially edit the framework based on the feedback.  While it cannot be determined how much will change based on public comments, the expectation is that it will not be substantial when the framework is finalized.  If your organization has concerns around ransomware protection, detection, and response, NIST has got your back with another one of their industry recognized frameworks.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.