CASC Briefing: Harmonizing Federal Cybersecurity Compliance for Research Data

The Coalition for Academic Scientific Computation (CASC), representing 108 U.S. research institutions, is addressing the growing challenge of fragmented federal cybersecurity requirements for research. Research Computing and Data (RCD) centers—critical to advances in genomics, biomedical research, defense, and advanced computing—are burdened by conflicting rules tied to NIST SP 800-171 and incorporated into Federal Acquisition Regulations (FAR) and agency contracts. Institutions face simultaneous requirements for different versions of the same standard, overlapping compliance frameworks, rapid implementation deadlines, and escalating costs.

CASC recommends a coordinated federal approach: adopt a single, stable standard for NIST SP 800-171, establish consistent oversight and flow-down requirements, scale compliance obligations according to project risk, and invest in shared infrastructure that can support institutions of all sizes. Aligning these requirements will reduce duplication, strengthen data security, and ensure the sustainability of the nation’s research enterprise.