Two Draft Cybersecurity Practice Guides on Ransomware and Other Data Integrity Events Published by NIST

Two draft cybersecurity practice guides about ransomware and other harmful incidents were published by the National Cybersecurity Center of Excellence (NCCoE) at NIST. The first guide is about identifying and protecting assets (SP 1800-25), while the second guide is about detecting and responding to cyberattacks that jeopardize data integrity (SP 1800-26).

The guides are meant for executives, system administrators, chief information security officers, and anyone else with a role in securing the information, privacy, and overall operational security of their organization. Each guide is made up of the following three volumes:

  • an executive summary
  • approach, architecture and security characteristics
  • how-to guides

The first guide covers the first two primary functions of the NIST Cybersecurity Framework, Identify and Protect. Businesses must act to secure their assets against ransomware, destructive malware, accidental data loss, and malicious insiders. To do so, they should first determine where those assets are located and then take the required steps to secure them against a data-damaging event.

To create the first guide, NCCoE investigated several strategies that could be used to discover assets and secure them against various kinds of data integrity attacks under a variety of conditions. One sample solution was developed in the NCCoE laboratory using commercially available products to mitigate attacks before they occur. The sample solution provides safe storage, creates backups of data, VMs, and file systems, generates activity logs, helps with asset inventory, and offers integrity monitoring mechanisms.

By using the guide, businesses can identify their assets and evaluate vulnerabilities, as well as the reliability and activity of systems, to prepare for an attack. Backups can then be made and secured to assure data integrity. The guide additionally helps businesses manage their conditions by evaluating machine posture.

The second guide covers the Detect and Respond functions of the NIST Cybersecurity Framework. It explains how organizations can monitor data integrity and respond immediately to a security event in real time. A quick response to a data integrity incident is essential: it can significantly limit the damage and ensure a fast recovery.

The guide addresses event discovery, vulnerability control, reporting functions, mitigation, and containment, and gives comprehensive information on the techniques, toolsets, and methods that support the security team's reaction to a data integrity incident. The sample solution includes several systems working together to identify and respond to data corruption incidents in regular enterprise components such as databases, mail servers, endpoints, file share servers, and VMs.

NCCoE is looking forward to receiving industry stakeholders’ feedback on the new guides on or before February 26, 2020.