Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST CSWP 35 (Initial Public Draft)

Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow: An example threat model implementation for genomic data sequencing and analysis

Date Published: December 16, 2024
Comments Due: January 30, 2025
Email Comments to: genomic_cybersecurity_nccoe@nist.gov

Author(s)

Ronald Pulivarti (NIST), Justin Wagner (NIST), Justin Zook (NIST), Brett Kreider (MITRE), Julie Snyder (MITRE), Kevin Wilson (MITRE), Scott Ross (HudsonAlpha Institute for Biotechnology), Phillip Whitlow (HudsonAlpha Institute for Biotechnology), Einaam Alim (University of Alabama in Huntsville), Isabelle Brown (University of Alabama in Huntsville), Patrick Pape (University of Alabama in Huntsville), Jared Sheldon (University of Alabama in Huntsville)

Announcement

The NIST National Cybersecurity Center of Excellence (NCCoE) has released two new draft publications to help organizations address cybersecurity and privacy risks associated with processing genomic data. Both drafts are open for public comment until 11:59 PM (ET) on Thursday, January 30, 2025.

About the Drafts

Draft NIST Internal Report (IR) 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), provides a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. This update incorporates the NIST Cybersecurity Framework (CSF) version 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize cybersecurity and privacy capabilities. This is the first joint CSF and PF Community Profile developed by NIST.

Draft NIST Cybersecurity White Paper (CSWP) 35, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow, evaluates potential threats in a genomic data processing environment using an iterative methodology. It provides an example use case and demonstrates an approach which organizations can adapt to identify cybersecurity threats and mitigations in their environments.

We Want to Hear from You!

The public comment period for the drafts is open until 11:59 PM (ET) on Thursday, January 30, 2025. More details for providing public feedback are within the drafts.

Looking Ahead

The NCCoE is planning a webinar on January 13, 2025, to give an overview of the drafts. More details will be announced soon.

The NCCoE has released a new two-page fact sheet summarizing the genomics cybersecurity and privacy project roadmap and outcomes. Additional ongoing project work includes privacy threat modeling for genomic data workflows and development of a Privacy Enhancing Technologies (PETs) testbed for privacy-preserving federated learning (PPFL).

To stay informed about this work and receive project updates, join the NCCoE Genomic Data Community of Interest (COI). Email us at genomic_cybersecurity_nccoe@nist.gov

Control Families

None selected