
What Is the NISTIR 8374 Ransomware Report?


Ransomware is one of the most significant, and probably the most widely recognized, threats in modern cybersecurity. Attacks cost businesses millions of dollars and can result in the loss of massive volumes of mission-critical information that supports business operations, national infrastructure, or government agencies. Building on its Cybersecurity Framework, the National Institute of Standards and Technology (NIST) has released an internal report, NISTIR 8374 (often just called the “Ransomware Report”), to help agencies and companies resist these threats.

What Is Ransomware?

Ransomware is a form of malware whose payload encrypts a victim’s data and withholds the decryption key until a ransom is paid, whether for money or for other (potentially political) ends.

Encryption gives attackers a solid weapon to use against targets. An encryption algorithm transforms data under a secret key so that the output is unreadable to anyone who does not hold that key. The strength of a well-designed cipher does not rest on keeping the algorithm secret; modern algorithms are public and heavily analyzed. It rests entirely on the key: without it, recovering the plaintext from the ciphertext is computationally infeasible, and reverse engineering the ransomware binary does not help if the key was never stored on the victim’s machine. The public decryptors that exist for some ransomware families work only because their authors made implementation mistakes, such as leaving the key on disk or deriving it predictably.

This is a double-edged sword. Used by the data owner, encryption protects information well, but it also makes the owner responsible for safeguarding the keys so that the data remains accessible. Used by an attacker, the same property is turned around: the attacker generates the key, keeps it off the victim’s systems, and the victim’s own data becomes as unreadable to them as it would be to any outsider.

This reality creates the threat of ransomware, which works through a few simple steps:

Ransomware has become one of the most significant forms of attack in modern computing, and it potentially affects every agency, business and organization that operates IT systems.

What Is NIST Internal Report 8374?

To help organizations, including government agencies and contractors, manage the ransomware challenge, the National Institute of Standards and Technology (NIST) released Internal Report 8374, “Ransomware Risk Management: A Cybersecurity Framework Profile,” in February 2022. The report is a Cybersecurity Framework Profile: a selection of the Framework’s security outcomes, prioritized for preventing, detecting, responding to and recovering from ransomware events.

The profile organizes its guidance by the Functions and Categories of the Cybersecurity Framework (Identify, Protect, Detect, Respond and Recover), the NIST framework of cybersecurity outcomes that is widely adopted by agencies, organizations, and contractors working with the federal government.

The Ransomware Profile

The ransomware profile in NISTIR 8374 spans Categories and Subcategories across all five Framework Functions. Each selected Subcategory carries a short ransomware-specific note and informative references to more detailed guidance in NIST and ISO/IEC documents.

Some of the major outcomes the profile selects include the following:

Asset Management

Organizations need an accurate inventory of their hardware, software and data in order to understand the threats they face. You cannot protect, back up or restore assets you do not know you have, and the inventory is what lets you judge which systems a ransomware infection would hurt most.

Business Environment

The organization’s mission, objectives and dependencies must be understood and aligned with its security and risk management. Otherwise, it is challenging, if not impossible, to decide which systems must keep running during a ransomware event and to prioritize their protection.

Governance

Enterprises and agencies should establish and implement governance around ransomware risk. This includes the capacity to create, deploy and communicate policies on ransomware protection and to fold any legal or regulatory requirements into that plan.

Risk Assessment and Management

Risk management is one of the defining practices of modern cybersecurity, and ransomware is no exception. The profile accordingly includes several risk-based outcomes for addressing ransomware:

Identity and Access Management

Secure organizations must have clear identity and access management (IAM) policies and processes so that user accounts and the resources they can reach remain protected. Ransomware runs with whatever privileges the compromised account holds, so these outcomes revolve around identity, access policies, least privilege and authentication:

Training

All organizations should maintain current, ongoing employee training and awareness to help stop ransomware attacks. This includes education for the technical staff managing IT systems, for users with system access (the usual targets of the phishing messages that deliver ransomware), and for compliance officers monitoring changes to regulations.

Data and Information Protection

Data protection isn’t limited to access management or encryption. It’s critical that data remain available, that backups exist and are tested, and that both production data and backups are insulated from unauthorized modification as far as possible, because ransomware that can reach the backups will encrypt or delete them as well:

 
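As an added example (not part of NISTIR 8374 and not a vendor tool) of keeping a backup set insulated from unauthorized change: a SHA-256 manifest of the set is built at backup time, sealed with an HMAC under a key held offline, and checked again later. Files that were modified, removed or added since the manifest was taken are reported, and a manifest that was regenerated or edited without the key is rejected. The directory contents, file names and key below are constructed for the demo.

```python
"""Added example (not from NISTIR 8374): build a SHA-256 manifest of a backup
set, seal it with an HMAC whose key is kept offline, and later verify the set.
Modified, missing and unexpected files are reported. Paths and key are assumptions."""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal_manifest(manifest: dict, key: bytes) -> bytes:
    """Canonical JSON plus an HMAC tag, so a manifest re-generated after the
    files were encrypted cannot be swapped in without the offline key."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def open_manifest(sealed: bytes, key: bytes) -> dict:
    """Verify the HMAC (constant-time) before trusting any manifest content."""
    body, tag = sealed.rsplit(b"\n", 1)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("manifest integrity check failed")
    return json.loads(body)


def manifest_is_authentic(sealed: bytes, key: bytes) -> bool:
    try:
        open_manifest(sealed, key)
        return True
    except ValueError:
        return False


def verify_backup(root: Path, manifest: dict) -> dict:
    """Compare the current tree against the manifest."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo(key: bytes = b"offline-demo-key") -> dict:
    """Constructed backup set; then simulate a ransomware run and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "q1.csv").write_text("acct,amount\n1001,250.00\n")
        (root / "notes.txt").write_text("restore drill 2024-03\n")
        sealed = seal_manifest(build_manifest(root), key)   # store this off the backup host

        # Simulated compromise: one file overwritten with random bytes, one renamed.
        (root / "finance" / "q1.csv").write_bytes(os.urandom(64))
        (root / "notes.txt").rename(root / "notes.txt.locked")

        return verify_backup(root, open_manifest(sealed, key))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the sealed manifest and its key live somewhere the backup host cannot write to; a restore drill then starts with open_manifest and verify_backup, so a backup set that was silently encrypted is discovered before it is needed, not during the incident.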

Anomaly Detection and Monitoring

If a ransomware attack is under way, agencies and enterprises must be able to detect it reliably, through a variety of methods:

 
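To make one of those methods concrete, here is an added example, not from NISTIR 8374 and not a product, of a behavioural detector: it flags a process that writes high-entropy (encrypted-looking) content to many distinct files within a short window, while ignoring formats such as archives and images that are legitimately high-entropy, which is the main source of false positives for this kind of rule. The event format, thresholds, process names and paths are constructed assumptions.

```python
"""Added example (not from NISTIR 8374 and not a vendor product): a minimal
behavioural detector for ransomware-like file activity, run over constructed
file-event telemetry. Thresholds and the event format are assumptions."""
import math
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(seconds=60)   # assumed burst window
MIN_FILES = 10                   # assumed: distinct suspicious files per window before alerting
HIGH_ENTROPY = 7.5               # bits per byte; encrypted data approaches the 8.0 ceiling
# Formats that are legitimately high-entropy; writes to these are not suspicious on their own.
COMPRESSED_OK = {".zip", ".7z", ".gz", ".jpg", ".png", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Plain text is roughly 4-5, encrypted or compressed data about 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def parse_event(line: str) -> dict:
    """Assumed event format: ts,pid,process,action,path,entropy (entropy blank for non-writes)."""
    ts, pid, proc, action, path, entropy = line.split(",")
    return {"ts": datetime.fromisoformat(ts), "pid": int(pid), "proc": proc,
            "action": action, "path": path,
            "entropy": float(entropy) if entropy else None}


def is_suspicious_write(e: dict) -> bool:
    return (e["action"] == "write" and e["entropy"] is not None
            and e["entropy"] >= HIGH_ENTROPY
            and extension(e["path"]) not in COMPRESSED_OK)


def detect(lines) -> list:
    """One alert per process that writes high-entropy content to at least MIN_FILES
    distinct non-archive files within WINDOW: (pid, process, file_count, extensions)."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    per_pid = defaultdict(list)
    for e in events:
        if is_suspicious_write(e):
            per_pid[e["pid"]].append(e)
    alerts = []
    for pid, evs in per_pid.items():
        start = 0
        for end in range(len(evs)):                      # sliding window over this pid's writes
            while evs[end]["ts"] - evs[start]["ts"] > WINDOW:
                start += 1
            files = {e["path"] for e in evs[start:end + 1]}
            if len(files) >= MIN_FILES:
                exts = sorted({extension(p) for p in files})
                alerts.append((pid, evs[end]["proc"], len(files), ",".join(exts)))
                break
    return alerts


def build_sample_events() -> list:
    """Constructed telemetry for the demo; not captured from a real host."""
    base = datetime(2024, 3, 1, 9, 0, 0, tzinfo=timezone.utc)

    def t(seconds):
        return (base + timedelta(seconds=seconds)).isoformat()

    lines = []
    # Benign: an office app repeatedly saving one low-entropy document.
    lines += [f"{t(i)},4410,winword.exe,write,C:/Users/a/report.docx,5.1" for i in range(3)]
    # Benign but high-entropy: a backup job writing 20 archives (allow-listed extension).
    lines += [f"{t(100 + i)},5120,backup.exe,write,D:/Backups/set{i}.zip,7.93" for i in range(20)]
    # Suspicious: an unknown process rewriting 15 user files under a new extension within 30 s.
    lines += [f"{t(300 + 2 * i)},7720,update.exe,write,C:/Users/a/Docs/file{i}.xlsx.locked,7.97"
              for i in range(15)]
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print("ALERT pid=%d proc=%s files=%d ext=%s" % alert)
```

The backup job in the sample writes more high-entropy files than the malicious process but is not reported, because its output is an allow-listed archive format; the unknown process is reported as soon as its tenth distinct file lands. The same logic is normally paired with other signals the profile’s Detect function calls for, such as canary files, mass rename events and shadow-copy deletion, rather than used alone.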

Response and Recovery Planning

Whether or not a ransomware attack succeeds, your organization should be able to respond quickly to contain it and to recover from it, working from a plan that was written and exercised in advance rather than improvised during the incident:

Securing Your Systems Against Ransomware?

It’s critical to work with knowledgeable, experienced security experts to deploy the recommendations of NISTIR 8374. Lazarus Alliance has decades of experience with cybersecurity compliance and monitoring, particularly in the federal sector. Our extensive expertise with NIST and CSF requirements makes us the go-to security firm to address threats like ransomware in government and government contractor systems. 

Continuum GRC is cloud-based, always available and plugged into our team of experts. We provide risk management and compliance support for every major regulation and compliance framework on the market, including:

And more. We are also the only FedRAMP and StateRAMP authorized compliance and risk management solution in the world.

Continuum GRC is a proactive cyber security®, and the only FedRAMP and StateRAMP Authorized cybersecurity audit platform in the world. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.

