Genomic Data Threat Modeling

Date Published: August 5, 2025
Comments Due: September 4, 2025 (public comment period is CLOSED)
Email Questions to: [email protected]

Author(s)

Ronald Pulivarti (NIST), Justin Wagner (NIST), Brett Kreider (MITRE), Stuart Shapiro (MITRE), Julie Nethery Snyder (MITRE), Kevin Wilson (MITRE), Martin Wojtyniak (MITRE), Phillip Whitlow (HudsonAlpha Institute for Biotechnology), Scott Ross (HudsonAlpha Institute for Biotechnology), Isabelle Brown-Cantrell (University of Alabama in Huntsville), Patrick Pape (University of Alabama in Huntsville), Jared Sheldon (University of Alabama in Huntsville)

Announcement

The NIST National Cybersecurity Center of Excellence (NCCoE) has just published draft Volumes A and C of NIST Special Publication (SP) 1800-43, Genomic Data Threat Modeling. Volumes A (Executive Summary) and C (Privacy) are open for public comment through September 4, 2025.

Cybersecurity and privacy attacks pose significant challenges to genomic data processing environments due to the potentially sensitive and highly personal nature of genomic information. Unauthorized access, data breaches, or malicious tampering can derail business operations, compromise patient privacy, and erode trust. This NIST publication series describes a threat modeling approach that includes a methodological analysis of cybersecurity and privacy risks to system components and data transfers on representative genomic data workflows.

Note: The Cybersecurity Threat Modeling for Genomic Data, previously released for public comment as a NIST Cybersecurity White Paper (CSWP) 35, will be published as Volume B of this special publication when finalized later this year.

Control Families

None selected