Effective January 25, 2025, NIH implemented a new cybersecurity
requirement for the use of human genomic data from NIH controlled-access data repositories (e.g., NIH dbGaP). Users of NIH controlled-access genomic data will be required to attest that the IT systems used for data analysis and storage comply with NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.
Why it matters: You will be impacted if you have controlled access to data from one of these 20 NIH data repositories. RIS has worked with Information Security to assess our computing facility to support these security requirements, which will allow you to continue using RIS services for your research. However, we must make operational and technical changes over the next year.
Request assistance at the RIS Service Desk for more information on this policy or to get an initial assessment and cost estimates for the technology needed to achieve compliance.