U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity and Privacy of Genomic Data

The advent of innovative genomic sequencing technologies has ushered in an era where it is now possible to sequence and analyze an entire genome quickly and affordably. While vast amounts of genomic data have helped fuel our nation’s economic, technological, and health leadership posture, this information may not be sufficiently protected to prevent misuse.

Read the 2-page Fact Sheet 

Genomic cybersecurity and privacy guidelines and resources to help organizations manage risks for systems that process genomic data.

Status: Reviewing Comments

The public comment period has closed for NIST Special Publication 1800-43, Genomic Data Threat Modeling: An Implementation for Genomic Data Sequencing and Analysis.

NIST SP 1800-43A: Executive Summary (Draft)Document Version NIST SP 1800-43A: Executive Summary (Draft)
NIST SP 1800-43C: Privacy (Draft)Document Version NIST SP 1800-43C: Privacy (Draft)
Genomic Data Threat Modeling NIST Pages Static SiteWeb Version Genomic Data Threat Modeling NIST Pages Static Site

The NCCoE Genomic Data team has finalized NIST IR 8432, Cybersecurity for Genomic Data. The public comment period has closed for NIST IR 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile and NIST CSWP 35, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow

NIST IR 8432 Cybersecurity of Genomic DataWeb Version NIST IR 8432 Cybersecurity of Genomic Data
NIST CSWP 35 ipd, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow (Initial Public Draft)Web Version NIST CSWP 35 ipd, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow (Initial Public Draft)
NIST IR 8467 2pd, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Second Public Draft)Web Version NIST IR 8467 2pd, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Second Public Draft)
NIST IR 8467 Genomic data profile spreadsheetWeb Version NIST IR 8467 Genomic data profile spreadsheet

Project Overview

Genomic cybersecurity and privacy guidelines and resources can aid organizations by enabling secure collaborative innovations and by protecting them against data misuse—which could harm individuals, companies, and government initiatives. NIST is engaging with genomic stakeholders across government, academia, and industry to develop voluntary, actionable guidelines and resources to help organizations manage cybersecurity and privacy risks for systems that process genomic data.

Cybersecurity and Privacy Guidelines

The NCCoE has published several guidelines for the genomics community addressing the challenges of assessing and improving the cybersecurity posture of organizations. These documents were generated with input from the community during workshops and other engagements with the first being NIST IR 8432, Cybersecurity of Genomic Data, summarizing the current practices, challenges, and solutions for protecting genomic data across its lifecycle.

Genomic Data Profile

NIST IR 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile was developed through input from stakeholders to identity organization objectives during genomic data processing. It provides a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data.

Threat Modeling for Genomic Data

The soon to be released NIST Special Publication 1800-43 Volumes A-C, Threat Modeling for Genomic Data: An Implementation for Genomic Sequencing and Data Analysis, describes a methodology for identifying and addressing cybersecurity and privacy threats in genomic data processing environments. 

Exploratory Applications of Secure Technologies 

The NCCoE is continuing to explore technologies that can mitigate cybersecurity and privacy risks in genomic data analysis and storage. For example, digital credentials could offer a way for researchers to authenticate their identity to genomic data providers. The project team continues to engage stakeholders to assess their interest and evaluate the feasibility of integrating different technologies into their systems and processes. 

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself





Losing your DNA is not like losing a credit card.  You can order a new credit card, but you cannot replace your DNA.  The loss of your DNA not only affects you, but your relatives and, potentially, generations to come.

(source: The National Counterintelligence and Security Center)