NIH Controlled-Access Genomic Data Security Requirements

NIH Controlled-Access Genomic Data Security Requirements 

Greetings Colleagues, 

If your PI and research team anticipate working with or need access to controlled-access human genomic data, please be aware that effective January 25th, 2025, NIST SP 800-171 or NIST SP 800-53 security requirements will apply. 

See NIH NOT-OD-24-157 and review NIH security best practices for users of controlled-access data for more information. 

Impacted UW research teams must be compliant upon UW’s acceptance of an NIH award (new or competing) that supports NIH controlled-access data on the project. 

NIST SP 800-171 compliance will be required of:

• Approved users of controlled-access human genomic data from NIH controlled-access data repositories.

• Developers who test platforms, pipelines, analysis tools, and user interfaces that store, manage, and interact with human genomic data from NIH controlled-access data repositories as well as provide infrastructure development and repository maintenance.

NIST SP 800-53 compliance will be required of:

• NIH controlled-access data repositories supported by NIH funding

Data Use Certification Requests

Data Use Certification must be made by someone with the authority and capacity to ensure that the NIH Security Best Practices for Controlled-Access Data are in place, ahead of OSP submitting. 

At this time, we encourage those who anticipate working with, need access to, or handle controlled-access human genomic data at the UW, to review the NIH Notice, and corresponding security requirements. 

Please watch for further information from the Office of Research and Office of Sponsored Programs. 

Thank you, 
The Office of Research & Office of Sponsored Programs