NIH Controlled-Access Data Repositories (CADRs)

Effective February 25th, 2026, investigators, individuals, and their institutions who access data from an NIH Controlled-Access Data Repository (CADR) must adhere to security standards outlined in the NIH Security Best Practices for Users of Controlled-Access Data. This requires enhanced security requirements for accessing, handling, and storing controlled-access data. Specifically, protecting the data in accordance with National Institute of Standards and Technology (NIST) SP 800-171.

If you are accessing data from a listed NIH CADR, or are an approved user with an agreement that will be renewed, please reach out to Tori McIntosh, Research Security Manager, to discuss a data management plan.