NCCoE Publishes Final NIST IR 8432, Cybersecurity of Genomic Data

The NIST National Cybersecurity Center of Excellence (NCCoE) has published the Final NIST IR 8432, Cybersecurity of Genomic Data. This report summarizes the current practices, challenges, and proposed solutions for securing genomic data, as identified by genomic data stakeholders from industry, government, and academia. This effort is informed by direction from Congress, the White House, and NIST's existing expertise in genomics as well as cybersecurity.

NCCoE Guidance: CSF Profile for Genomic Data

Following the findings from NIST 8432, the NCCoE released Draft NIST IR 8467, Cybersecurity Framework (CSF) Profile for Genomic Data. This CSF Profile provides voluntary, actionable guidance to help organizations manage, reduce, and communicate cybersecurity risks for systems, networks, and assets that process any type of genomic data.

New Privacy Framework Profile

NCCoE is currently addressing the broader privacy landscape for genomic data by creating the Privacy Framework Profile for Genomic Data. The Privacy Framework Profile, developed using the NIST Privacy Framework, is intended to supplement the CSF Profile, as well as existing security and privacy guidelines and standards. This will be NIST's first Privacy Framework Profile, scheduled for public release in 2024.

Why Genomic Data?

Genomic data, including deoxyribonucleic acid (DNA) sequences, variants, and gene activity, has fueled the rapid growth of the U.S. bioeconomy. However, this valuable information is subject to cybersecurity and privacy concerns that are inadequately addressed with current policies, guidance documents, and technical controls. NCCoE's forthcoming guidance aims to help organizations assess, tailor, and prioritize their risk mitigation strategies and cyber investments for genomic data.