Ransomware Risk Management framework released for comment

Earlier this year, the NIST National Cybersecurity Center of Excellence published an initial public draft of NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile. The project team is interested in gathering additional comments and feedback prior to publishing the final version. The public comment period for this publication is open through September 11, 2025.

Originally published based on NIST Cybersecurity Framework (CSF) 1.1, the draft Community Profile reflects updates introduced with the NIST CSF 2.0. Ransomware can attack organizations of all sizes from any sector. You can use this publication to gauge your organization’s readiness to counter ransomware threats and mitigate potential consequences.

The public comment period is open through September 11, 2025. Please send your feedback about the draft publication to [email protected].