Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity of Genomic Data: NIST IR 8432

The NIST National Cybersecurity Center of Excellence has released NIST Internal Report (IR) 8432, "Cybersecurity of Genomic Data."

Today, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. This report summarizes the current practices, challenges, and proposed solutions for securing genomic data, as identified by genomic data stakeholders from industry, government, and academia. This effort is informed by direction from Congress, the White House, and NIST's existing expertise in genomics as well as cybersecurity.

NCCoE Guidance: CSF Profile for Genomic Data

Following the findings from NIST 8432, the NCCoE released Draft NIST IR 8467, Cybersecurity Framework (CSF) Profile for Genomic Data. This CSF Profile provides voluntary, actionable guidance to help organizations manage, reduce, and communicate cybersecurity risks for systems, networks, and assets that process any type of genomic data.

New Privacy Framework Profile

NCCoE is currently addressing the broader privacy landscape for genomic data by creating the Privacy Framework Profile for Genomic Data. The Privacy Framework Profile, developed using the NIST Privacy Framework, is intended to supplement the CSF Profile, as well as existing security and privacy guidelines and standards. This will be NIST's first Privacy Framework Profile, scheduled for public release in 2024. 

Why Genomic Data?

Genomic data, including deoxyribonucleic acid (DNA) sequences, variants, and gene activity, has fueled the rapid growth of the U.S. bioeconomy. However, this valuable information is subject to cybersecurity and privacy concerns that are inadequately addressed with current policies, guidance documents, and technical controls. NCCoE's forthcoming guidance aims to help organizations assess, tailor, and prioritize their risk mitigation strategies and cyber investments for genomic data.

Join the Community of Interest

If you would like to help shape this project and inform future publications, consider joining the NCCoE Genomics Cybersecurity Community of Interest (COI). Email the team at genomic_cybersecurity_nccoe [at] nist.gov (genomic_cybersecurity_nccoe[at]nist[dot]gov) declaring your interest or complete the COI sign-up form on the project page.

Released December 20, 2023