Ransomware Risk Management: Preliminary Draft NISTIR 8374 Available for Comment

NIST's National Cybersecurity Center of Excellence (NCCoE) has released Preliminary Draft NISTIR 8374, "Cybersecurity Framework Profile for Ransomware Risk Management." The public comment period is open through July 9, 2021.

NIST's National Cybersecurity Center of Excellence (NCCoE) has released a new Preliminary Draft report, NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management.

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware can disrupt or halt organizations’ operations. This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization's level of readiness to mitigate ransomware threats and to react to the potential impact of events.

The public comment period for this draft is open through July 9, 2021. See the publication details for a copy of the draft and instructions for submitting comments. You can also contact us at ransomware [at] nist.gov.

NOTE: NIST is adopting an agile and iterative methodology to publish this content, making it available as soon as possible, rather than delaying its release until all the elements are completed. NISTIR 8374 will have at least one additional public comment period before final publication.

For additional information, visit our Ransomware Protection and Response page.
Released June 9, 2021, Updated June 10, 2021