Project Overview
Advancements in genomic sequencing technologies are accelerating the speed and volume of data collection, sequencing, and analysis. However, this progress also heightens cybersecurity and privacy risks. In response, the NIST is engaging with genomic stakeholders across government, academia, and industry to develop voluntary, actionable guidance to help organizations manage cybersecurity and privacy risks for systems that process genomic data.
The NCCoE published final NIST Internal Report (IR) 8432, Cybersecurity of Genomic Data, summarizing the current practices, challenges, and solutions for protecting genomic data. Building on additional insights from our ongoing collaboration with the genomics community, the NCCoE updated draft NIST IR 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. The updated draft incorporates the NIST Cybersecurity Framework (CSF) version 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize both cybersecurity and privacy capabilities. This Profile is the first joint CSF and PF Community Profile developed by NIST.
The NCCoE has also published draft NIST Cybersecurity White Paper (CSWP) 35, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow. This white paper evaluates potential cybersecurity threats in a genomic data processing environment using an iterative methodology. It provides an example use case and demonstrates an approach which organizations can adapt to identify cybersecurity threats and mitigations in their environments.
Ongoing project work includes privacy threat modeling for genomic data workflows, development of a Privacy Enhancing Technologies (PETs) Testbed for privacy-preserving federated learning (PPFL), and the PETs Testbed's Genomics PPFL Platform 2025 Red-Teaming Event.