Cybersecurity
Cybersecurity Research Security Program Requirements Coming Soon!
Agency Specific Requirements
Federal research sponsors may require certain data security and safeguarding requirements depending on the type of data being generated, accessed, or stored.
NIH
Effective January 25, 2025, users and developers of controlled-access genomic data will be required to manage that data in compliance with NIST SP 800-171 cybersecurity requirements. For more information, please see: NIH Data Management and Access Requirements for Sharing Genomic Data.
NIST SP 800-171 Compliant Environments
Currently, the AWS SRE, an AWS cloud-based solution managed centrally by Penn Information and Computing Systems (ISC), is the only NIST SP 800-171-compliant solution available at Penn. Access to the AWS SRE may be requested via: https://ors.freshservice.com/support/catalog/items/68.*
In the Perelman School of Medicine (PSOM), additional environments (HPC/LPC and HSDRC) are being assessed to be brought into compliance.
On August 7, 2025, PMACS, ORS, and ISC hosted a NIST 800-171 town hall. A copy of the slides and recording can be found here.
*For estimated costs of set up and maintenance related to the SRE, see here.