If you handle NIH-controlled genomic data from sources like dbGaP, new cybersecurity requirements from the National Institutes of Health (NIH) mean your research unit must meet strict security standards. UW Information Technology, in partnership with the Office of Sponsored Programs, is here to help you navigate these changes and ensure compliance.
What You Need to Know
The NIH now requires all Approved Users of controlled-access genomic data to:
- Attest that their IT systems comply with NIST SP 800-171 security standards.
- Ensure that any third-party IT system or Cloud Service Provider (CSP) handling NIH data is also NIST SP 800-171 compliant.
- Non-U.S. users unable to meet NIST SP 800-171 must demonstrate compliance with ISO/IEC 27001/27002.
These security requirements are included in new and renewed Data Use Certifications (DUCs), which govern access to NIH-controlled genomic data.
Secure Computing Environments at UW
There are a number of secure computing environments available to researchers at the University of Washington. Please review the following options to see which is the best for your research project.
UW-IT has developed UW Government Community Cloud (GCC), a Microsoft 365 and Azure environment designed for secure computing, collaboration, and data storage with NIH controlled-access and other restricted data.
The Center for Studies in Demography and Ecology offers three distinct computing environments intended to work with a variety of Restricted and Confidential Unclassified Information (CUI) levels. For more information visit the CSDE computing website.
The Applied Physics Laboratory provides a high-security computing environment for PIs with APL-managed contracts. Please email warrenf@uw.edu for more information.
Department of Medicine IT Services offers two high-security computing environments designed to meet NIST 800-53 and NIST 800-171 standards, supporting grants subject to FISMA Moderate, Washington State OCIO 141.10, EU GDPR, and more. Information about these environments can be found on the DOM’s High Security Computing website.
Next Steps for Researchers
- For new or renewed Data Access Requests, follow the instructions on the Office of Sponsored Program’s How to Request Datasets from dbGaP page.
- Review the Computing for Restricted Access Data resource to ensure your research environment meets NIH security standards.
Questions?
- For questions about the NIH requirements or how to submit proposals that meet the requirements, email the Office of Sponsored Programs at osp@uw.edu.
- If you have questions about compliant computing environments, email UW-IT at help@uw.edu.