Project Overview
Innovative genomic sequencing technologies facilitate collection, sequencing, and analysis of vast quantities of genomic data, fueling our nation’s economic and health leadership posture. However, this valuable genomic information may not be protected with sufficient rigor commensurate with cybersecurity and privacy risks.
In response, the National Institute of Standards and Technology (NIST) is engaging with genomic stakeholders across government, academia, and industry to develop voluntary, actionable guidance to help organizations manage, reduce, and communicate cybersecurity and privacy risks for systems, networks, and assets that process any type of genomic data. This effort is informed by direction from Congress, the White House, and NIST's existing expertise in genomics as well as cybersecurity.
The NCCoE has published Final NIST IR 8432, Cybersecurity of Genomic Data, which summarizes the current practices, challenges, and solutions for security genomic data. The NCCoE has also released Draft NIST IR 8467, Cybersecurity Framework (CSF) Profile for Genomic Data. The NCCoE is currently working to address the broader privacy landscape for genomic data by creating an integrated Cybersecurity and Privacy Framework Profile, based on CSF 2.0 and Privacy Framework 1.0. This will be NIST's first integrated Cybersecurity and Privacy Framework Profile. These Profiles are meant to supplement, not replace, current cybersecurity and privacy standards and industry guidelines that organizations already use to secure their genomic data.