Framework for Evaluating and Mitigating Ransomware Threats Now Available for Public Feedback
The NIST National Cybersecurity Center of Excellence has published an initial public draft of NIST Interagency Report (NIST IR) 8374 Revision 1, titled "Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile". This publication aims to help organizations mitigate potential consequences of ransomware attacks, providing a valuable resource for industry stakeholders, cybersecurity professionals, government agencies, private sector entities, and other interested parties involved in cybersecurity risk management.
The draft Community Profile is based on the NIST Cybersecurity Framework (CSF) 1.1, with updates introduced in the NIST CSF 2.0 reflected throughout. The publication is intended to help organizations gauge their readiness to counter ransomware threats, offering practical guidance on implementing effective risk management strategies.
Ransomware can attack organizations of all sizes from any sector, making it a significant threat to the global digital landscape. By providing a comprehensive and sector-agnostic approach to ransomware risk management, this publication seeks to empower organizations to protect themselves against this growing threat.
The project team is seeking additional comments and feedback before the final version is published. The public comment period for this publication is open through September 11, 2025. Feedback about the draft can be sent to [email protected].
The final version of the publication will be published after considering the feedback received, ensuring that the guidance provided remains relevant and effective in the ever-evolving cybersecurity landscape. This is an opportunity for the cybersecurity community to contribute to a vital resource that can help organizations worldwide better manage the risks associated with ransomware attacks.
Organizations that have the opportunity to submit comments and feedback on the draft publication "Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile" should not miss this chance to shape a valuable resource for the entire cybersecurity community.
