Globus meets new security expectations for NIH controlled-access data
December 05, 2024 | Brigitte Raumann
NIH has announced an Implementation Update for Data Management and Access Practices Under the Genomic Data Sharing Policy. Effective January 25, 2025, Approved Users of NIH controlled-access data must attest they maintain such data on institutional IT systems and third-party computing infrastructures compliant with NIST SP 800-171. NIH controlled-access data repositories must attest they are compliant with NIST SP 800-53 at the Moderate baseline, including any third-party IT system and/or Cloud Service Provider used by the repositories for storage and sharing of NIH controlled-access data.
You can use Globus data management services to meet these new NIH security best practices for controlled-access data at your institution. Globus high assurance services comply with NIST SP 800-171 and NIST SP 800-53 Moderate baseline required by the updated NIH policy. Researchers can use Globus for compliant data movement, whether the genomic data is stored on-premises or cloud hosted. Data repositories can leverage the Globus platform to offer their users a secure, and easy to use data access interface. Researchers and repositories alike can use Globus for compliant data sharing capabilities, which include management of folder level permissions via federated identities and groups, without the need to move data to a file sharing service or create and manage temporary user accounts. The document High Assurance Collections for Protected Data provides an overview of deploying and using Globus to meet these data security requirements at your institution.
Please contact support@globus.org if you are interested in learning more about how Globus can help you meet security best practices for users and repositories of NIH controlled-access data.