Announcement: Effective February 25, 2026, all downloads of data from NIH designated Controlled-Access Data Repositories (CADR), must meet a set of stringent cybersecurity standards found in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800.171. These cybersecurity standards, which were first applied to NIH genomic repositories beginning in January 2025, now extend to all NIH CADRs, and must be met in connection with any download of data from NIH-designated CADR’s.
To review a list of NIH-designated CADR’s to which these standards now apply, please visit https://grants.nih.gov/policy-and-compliance/policy-topics/sharing-policies/accessing-data/requirements.
At present, investigators may utilize a compliant solution managed by USC Keck Managed Services (KMS). Researchers interested in this option should contact Research Compliance or USC Stevens Center to initiate the process. USC Cybersecurity is continuing to evaluate additional service providers and will share updates as more options become available. In addition, compliant solutions are offered by certain external service providers, listed below. Please be aware that compliant solutions may involve costs and require several weeks to implement prior to the download of data.
Available Service Providers:
USC:
• Keck Managed Services (KMS)
*Additional service providers under assessment: FY 27 implementation
External:
• AnVIL
• BioData Catalyst
Please click here for the USC one-page guidance document for institution-specific information.
Questions?
If you have any questions, please contact Michelle Goff in the Office of Ethics and Compliance at cullenm@usc.edu.