Updates to Data Management and Access Practices under the NIH Genomic Data Sharing Policy – NIH Extramural Nexus

"In summary:

• NIH is making the following changes to modernize the security standards provided for NIH controlled-access data in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH GDS Policy that Approved Users adhere to as a part of terms and conditions of access:
  • Approved U.S. and non-U.S. users will be required to attest to NIH that their institution and any third-party system or Cloud Service Providers involved in data analysis or storage comply with NIST SP 800-171 or an equivalent IT security standard.
  • Adherence to the new standard will be included in new or renewed Data Use Certifications or similar agreements.

• NIH is establishing security standards for NIH controlled-access data repositories requiring the adoption of the NIST SP 800-53 Moderate IT security standard. These security standards will apply to NIH controlled-access data repositories and access systems supported by NIH funding to provide long-term storage for, or control access to, human genomic data generated and shared under the GDS Policy.

• NIH is establishing minimum expectations for developers provided access to controlled-access human genomic data under the GDS Policy. Developers will be expected to submit a request containing a Developer Use Statement to a NIH Developer Data Access Committee (DAC) for review. If the DAC approves, the NIH controlled-access data repository can use existing technical capabilities to grant developer access...."