NIST Standards

An initial public draft issued by NIST in August 2023 that summarizes feedback NIST received on institutions of higher education (IHE) cybersecurity challenges and includes resources and possible next steps. Per the final research security program guidelines published July 9, 2024, institutions are to implement a cybersecurity program one year after publication of the final version of this NIST cybersecurity resource. Federal research funding agencies, working with NIST and IHEs via the Federal Demonstration Partnership (FDP), are currently developing cybersecurity guidelines that align with NIST 8481 for use in RSPs.

Published August 2023 by NIST, this report integrates several U.S. government policies and guidelines to develop a framework for an integrated, risk-balanced approach for safeguarding international science and technology from undue foreign interference.

Requires NIST to consider the needs of IHEs when creating cybersecurity guidance.

Requires NIST to offer resources and technical assistance to research intensive universities to help them mitigate cyber risks related to conducting research.

On September 24, 2025, and effective immediately, NIH issued NOT-OD-25-159, establishing new security, operational, and transparency standards for controlled-access data repositories (CADRs) that store and manage sensitive human research data.