Commencing January 25, 2025, the National Institute of Health (NIH) will require all approved users of listed NIH controlled access genomic data repositories (e.g. dbGaP) to secure data in NIST SP 800-171 compliant systems (see NOT-OD-24-157). This applies to any new or renewed Data Use Certifications or similar agreements executed on or after January 25, 2025. Complying with this new requirement may impact project costs – please evaluate the available UCSF services and budget accordingly.
Compliant IT environments
Please see Cybersecurity Update for Approved Users of NIH Controlled-Access Genomic Data for more information on compliant IT environments that meet this new cybersecurity requirement. All individual-level and derived datasets (e.g., summary results, count matrixes) from listed NIH controlled access genomic data repositories must be protected in approved compliant environments only.
Questions?
Please contact secureresearch@ucsf.edu if you have questions about this new requirement.