Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Practice Guides for Securing Data Integrity Against Ransomware Attacks

NIST's NCCoE is publishing two Cybersecurity Practice Guides for data integrity that address identifying and protecting assets against--and detecting and responding to--ransomware and other destructive events. Special Publications (SP) 1800-25 and 1800-2

NIST's National Cybersecurity Center of Excellence (NCCoE)—in collaboration with members of the business community and vendors of cybersecurity solutions—has built example solutions to address the data integrity challenges posed by ransomware and other destructive events. These are described in NIST Special Publication (SP) 1800-25Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, and SP 1800-26Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events.

Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. All types of data are potential targets of data corruption, modification, and destruction.

Formulating a defense against these threats requires thorough knowledge of the assets within the enterprise and protection of these assets against data corruption and destruction. Furthermore, quick, accurate, and thorough detection and response to a loss of data integrity can save an organization time, money, and headaches.

These two new publications complement SP 1800-11, which addresses recovering from ransomware and other destructive events. For more details and links to related efforts, see the Data Security program page.

Released December 8, 2020, Updated February 10, 2021