NPCC Security Bulletin: CISA’s Ransomware Tool and NIST Ransomware Risk Management Framework

CISA’s Ransomware Readiness Assessment (RRA) Tool

On June 30, 2021, CISA released a new module in its Cyber Security Evaluation Tool (CSET), RRA. This desktop software tool provides a step-by-step process to evaluate cybersecurity practices on IT and ICS networks.

• CISA CSET Tool Sets Sights on Ransomware Threat Announcement
• CISA Github Ransomware Readiness Assessment CSET v10.3

NIST Preliminary Draft Cybersecurity Framework Profile for Ransomware Risk Management

On June 9, 2021, NIST published a Preliminary Draft of NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management. The paper discusses ransomware challenges, cybersecurity resources, and provides a ransomware profile. The ransomware profile aligns organizations’ ransomware prevention and mitigation objectives, risk appetite, and cybersecurity resources with the elements of the Cybersecurity Framework. The ransomware profile is broken down into the cybersecurity framework categories of identify, protect, detect, respond, and recover.

• NIST Cybersecurity Framework Profile for Ransomware Risk Management Announcement
• Preliminary Draft NISTIR 8374 Cybersecurity Framework Profile for Ransomware Risk Management