NIST IR 8432 outlines current challenges and proposed solutions in the genomic data cybersecurity landscape.
The following publications are open for public comment through January 30, 2025.
The advent of innovative genomic sequencing technologies has ushered in an era where it is now possible to sequence and analyze an entire genome quickly and affordably. The vast amounts of genomic data collected have helped fuel our nation’s economic and health leadership posture; however, this information may not be protected with sufficient rigor.
NIST IR 8432 outlines current challenges and proposed solutions in the genomic data cybersecurity landscape.
The following publications are open for public comment through January 30, 2025.
Advancements in genomic sequencing technologies are accelerating the speed and volume of data collection, sequencing, and analysis. However, this progress also heightens cybersecurity and privacy risks. In response, the NIST is engaging with genomic stakeholders across government, academia, and industry to develop voluntary, actionable guidance to help organizations manage cybersecurity and privacy risks for systems that process genomic data.
The NCCoE published final NIST Internal Report (IR) 8432, Cybersecurity of Genomic Data, summarizing the current practices, challenges, and solutions for protecting genomic data. Building on additional insights from our ongoing collaboration with the genomics community, the NCCoE updated draft NIST IR 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. The updated draft incorporates the NIST Cybersecurity Framework (CSF) version 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize both cybersecurity and privacy capabilities. This Profile is the first joint CSF and PF Community Profile developed by NIST.
The NCCoE has also published draft NIST Cybersecurity White Paper (CSWP) 35, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow. This white paper evaluates potential cybersecurity threats in a genomic data processing environment using an iterative methodology. It provides an example use case and demonstrates an approach which organizations can adapt to identify cybersecurity threats and mitigations in their environments.
Ongoing project work includes privacy threat modeling for genomic data workflows and development of a Privacy Enhancing Technologies (PETs) testbed for privacy-preserving federated learning (PPFL).
A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI.