The NCCoE recently released the final version of the NIST Cybersecurity Practice Guide SP 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events.
The goal of this building block effort is to help organizations confidently identify:
Altered data, as well as the date and time of alteration
The identity/identities of those who alter data
Other events that coincide with data alteration
Any impact of the data alteration
The correct backup version (free of corrupted data) for data restoration