Skip to main content

New Data Management and Access Requirements for NIH Genomic Data

Beginning January 25, 2025, any researchers who plan to work with genomic data from NIH repositories will need to comply with new data management and storage requirements per updated “NIH Security Best Practices for Users of Controlled-Access Data”. NIH announced in NOT-OD-24-157:

  • “Approved Users” of NIH controlled-access data will attest to NIH that institutional systems used to access or store covered data are compliant with NIST SP 800-171 (“secure environment”). This attestation will likely be part of the NIH data use agreements that are reviewed and signed by OCG and required to become an “Approved User.”
  • “Approved Users” choosing a third-party IT system and/or Cloud Service Provider (CSP) for data analysis and/or storage will provide NIH with an attestation affirming that the third-party system is compliant with NIST SP 800-171.

Additional information about this change and covered repositories:

If you have general questions about this policy change, reach out to Alexa Van Dalsem, Senior Director of OCG, at alexa.vandalsem@colorado.edu