UW Research

November 14, 2024

NIH Controlled-Access Genomic Data Security Requirements

If your PI and research team anticipate working with or need access to controlled-access human genomic data, please be aware that effective January 25th, 2025, NIST SP 800-171 or NIST SP 800-53 security requirements will apply.

Impacted UW research teams must be compliant upon UW’s acceptance of an NIH award (new or competing) that supports NIH controlled-access data on the project.

See NIH NOT-OD-24-157, and review NIH security best practices for users of controlled-access data for more information.

NIST SP 800-171 compliance will be required of :

  • Approved users of controlled-access human genomic data from NIH controlled-access data repositories.
  • Developers who test platforms, pipelines, analysis tools, and user interfaces that store, manage, and interact with human genomic data from NIH controlled-access data repositories as well as provide infrastructure development and repository maintenance.

NIST SP 800-53 compliance will be required of:

  • NIH controlled-access data repositories supported by NIH funding.

Data Use Certification Requests

Data Use Certification must be made by someone with the authority and capacity to ensure that the NIH Security Best Practices for Controlled-Access Data are in place, ahead of OSP submitting.

Resources:


This announcement was shared with the UW MRAM listserve.