Date Published: December 16, 2024
Comments Due: January 30, 2025
Email Comments to:
genomic_cybersecurity_nccoe@nist.gov
The NIST National Cybersecurity Center of Excellence (NCCoE) has released two new draft publications to help organizations address cybersecurity and privacy risks associated with processing genomic data. Both drafts are open for public comment until 11:59 PM (ET) on Thursday, January 30, 2025.
Draft NIST Internal Report (IR) 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), provides a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. This update incorporates the NIST Cybersecurity Framework (CSF) version 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize cybersecurity and privacy capabilities. This is the first joint CSF and PF Community Profile developed by NIST.
Draft NIST Cybersecurity White Paper (CSWP) 35, Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow, evaluates potential threats in a genomic data processing environment using an iterative methodology. It provides an example use case and demonstrates an approach which organizations can adapt to identify cybersecurity threats and mitigations in their environments.
The public comment period for the drafts is open until 11:59 PM (ET) on Thursday, January 30, 2025. More details for providing public feedback are within the drafts.
The NCCoE is planning a webinar on January 13, 2025, to give an overview of the drafts. More details will be announced soon.
The NCCoE has released a new two-page fact sheet summarizing the genomics cybersecurity and privacy project roadmap and outcomes. Additional ongoing project work includes privacy threat modeling for genomic data workflows and development of a Privacy Enhancing Technologies (PETs) testbed for privacy-preserving federated learning (PPFL).
To stay informed about this work and receive project updates, join the NCCoE Genomic Data Community of Interest (COI). Email us at genomic_cybersecurity_nccoe@nist.gov.
None selected
Publication:
https://doi.org/10.6028/NIST.IR.8467.2pd
Download URL
Supplemental Material:
Comment template
Project homepage
Related NIST Publications:
Document History:
06/15/23: IR 8467 (Draft)
12/16/24: IR 8467 (Draft)
personally identifiable information, risk management, security programs & operations
Applications Laws and RegulationsExecutive Order 14028, Federal Information Security Modernization Act, Health Insurance Portability and Accountability Act
Sectors