NIH Security Best Practices for Controlled-Access Data and Repositories

Learn about NIH’s expectations for: users of controlled-access data; NIH-supported repositories that store controlled-access data; and NIH systems that provide access to controlled-access data.

NIH has updated its security standards in the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy for Approved Users of controlled-access data under the GDS Policy. Effective on January 25, 2025, adherence to the updated security standards in the NIH Security Best Practices for Users of Controlled-Access Data will be included in new or renewed Data Use Certifications or similar agreements. Users approved prior to January 25, 2025, should secure data according to the NIH Security Best Practices for Controlled-Access Data Subject to the NIH Genomic Data Sharing (GDS) Policy until project close-out or renewal.

Additionally, NIH controlled-access data repositories subject to the Guide Notice will be expected to secure data according to the NIH Security Best Practices for Controlled-Access Data Repositories.

For additional information, please see Implementation Update for Data Management and Access Practices Under the Genomic Data Sharing Policy (NOT-OD-24-157).