Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Citation

National Cybersecurity Center of Excellence, Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events (NIST Special Publication 1800-26) (Dec. 8, 2020) (full-text).

Overview

SP 1800-26 comprises the following volumes:

• SP 1800-26A: Executive Summary (full-text).

• SP 1800-26B: Approach, Architecture, and Security Characteristics (full-text).

• SP 1800-26C: How-To-Guides (full-text).

The complete guide can be download at (full-text).

This series of practice guides focuses on data integrity (DI): the property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit.

The goals of this NIST Cybersecurity Practice Guide are to help organizations confidently:

• detect malicious and suspicious activity generated on the network, by users, or from applications that could indicate a DI event
• mitigate and contain the effects of events that can cause a loss of DI
• monitor the integrity of the enterprise for detection of events and after-the-fact analysis
• utilize logging and reporting features to speed response time to DI events
• analyze DI events for the scope of their impact on the network, enterprise devices, and enterprise data
• analyze DI events to inform and improve the enterprise's defenses against future attacks.