Comment period extended
The public comment period for CSWP 35 has been extended through February 14, 2025.
The NIST National Cybersecurity Center of Excellence (NCCoE) has released two new draft publications to help organizations address cybersecurity and privacy risks associated with processing genomic data.
Draft NIST Internal Report (IR) 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), provides a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. This update incorporates the NIST Cybersecurity Framework (CSF) version 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize cybersecurity and privacy capabilities. This is the first joint CSF and PF Community Profile developed by NIST.
Draft NIST Cybersecurity White Paper (CSWP) 35, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow, evaluates potential threats in a genomic data processing environment using an iterative methodology. It provides an example use case and demonstrates an approach that organizations can adapt to identify cybersecurity threats and mitigations in their environments.
The public comment period for the drafts is open until 11:59 PM (ET) on Thursday, January 30, 2025. Details on how to provide public feedback are in the drafts.
The NCCoE is planning a webinar on January 13, 2025, to give an overview of the drafts. More details will be announced soon.
The NCCoE has released a new two-page fact sheet summarizing the genomics cybersecurity and privacy project roadmap and outcomes. Additional ongoing project work includes privacy threat modeling for genomic data workflows and development of a Privacy Enhancing Technologies (PETs) testbed for privacy-preserving federated learning (PPFL).
To stay informed about this work and receive project updates, join the NCCoE Genomic Data Community of Interest (COI). Email us at genomic_cybersecurity_nccoe@nist.gov.
Security and Privacy: modeling, personally identifiable information, risk management, security programs & operations
Applications: cybersecurity framework
Laws and Regulations: Executive Order 14028, Federal Information Security Modernization Act, Health Insurance Portability and Accountability Act
Sectors: healthcare, public safety