NIST Special Publication 1800-11, titled “Data Integrity: Recovering from Ransomware and Other Destructive Events,” is a cybersecurity practice guide that demonstrates how organizations can develop and implement strategies to quickly recover from incidents that compromise data integrity, such as ransomware attacks, destructive malware, malicious insider activities, or accidental data corruption. The guide provides a modular, standards-based reference design that organizations can use to monitor, detect, and respond to data corruption across various enterprise IT environments, ensuring that recovered data is accurate and trustworthy. It is structured into three volumes: an executive summary, a detailed description of the approach and architecture, and practical how-to guides for implementing the example solution using both open-source and commercial technologies
Publication's URL
https://csrc.nist.gov/pubs/sp/1800/11/finalAdditional documents on this topic
- NIST SP 1800-26 Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
- NIST SP 1800-25 Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
- ANSSI Cyber threat overview 2024 (in 2025)
- NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile
- ANSSI Recommendations for Secure Administration of AD-based IS (FRENCH)