Artificial Intelligence and Data Visitation (AIDV) WG Outputs

Working Group Supporting Output November 17, 2025

System Security Assessment Plan Template

Output Type: Working Group Supporting Output
Output Status: Endorsed
Review Period End: 2025-12-18
DOI: 10.15497/RDA00144

Primary Domain: Medical and Health Sciences
RDA Pathways: Data Infrastructures and Environments - Generalist,Data Infrastructures and Environments - Discipline Focused,Research Software,AI meets data: exploring use cases, applications and innovation
Group Technology Focus: Ingest & Appraisal, Other, Performing Research, Re-Use, Virtual Research Environments (VREs)
Stakeholders: Industry & Private Sector, Infrastructure Providers, Research Performing Organisations, Researchers & Scientists
Sustainable Development Goals: Industry, Innovation and Infrastructure
Language: English

Abstract

The System Security Assessment Plan Template is a standardized framework developed by the EOSC-Future/RDA Artificial Intelligence and Data Visitation Working Group (AIDV-WG) and others to evaluate and approve the security of data visitation systems (i.e., platforms that enable controlled, temporary access to sensitive research data without transfer). The template requires an outline of team composition, assessment scope, procedures, and deliverables for evaluating system code, security documentation, and AI model safeguards against standards such as NIST SP 800-171 and ISO/IEC 27018. The template also emphasizes code review, authentication integrity, data leakage prevention, dependency and container security, and continuous monitoring. These measures support consistent approval decisions, remediation recommendations, and final sign-off to ensure that data visitation technologies meet rigorous cybersecurity and compliance requirements. The template was developed and adopted during the RDA AIDV-WG DV4RDA project for performing a security assessment of Lifetime Omics’ tool FAIRlyz. This template is re-useful and recommended for future Data Visitation System Security Assessments.

Impact Statement

Projects planning to undertake a system security assessment related to data visitation systems can systematize their assessment activities and make their systems more secure by using this template to save time and more easily align with standards such as NIST SP 800-171 and ISO/IEC 27018. Use of the template is aimed at positively impacting system and data security as well as increasing organizational and team efficiency during assessment.

Explanation of Sustainable Development Goals

The System Security Assessment Plan Template output aligns with SDG 9: [to] Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation. Particularly, 9.5 to “enhance scientific research, upgrade the technological capabilities of industrial sectors in all countries” offering an re-useful standards aligned template as an aid for those pursuing security assessment in the context of scientific research or industrial implementations of data visitation technology.

Citations

Please cite this template as: Patricia Buendia, Patrick Shironoshita, Lars Eklund, David Molik and Natalie Meyers. “System Security Assessment Plan Template.” DV4RDA Project of the EOSC-Future/RDA Artificial Intelligence and Data Visitation Working Group (AIDV-WG). Research Data Alliance. November 15, 2025. DOI: 10.15497/RDA00144.

The template references the following resources:

Coalition for Secure AI (CoSAI), “AI Incident Response Framework, V1.0,” CoSAI Project GitHub. Accessed: Nov. 17, 2025. [Online]. Available: https://github.com/cosai-oasis/ws2-defenders/blob/main/incident-response/AI%20Incident%20Response.md

Computer Security Resource Center. CSRC White Papers. National Institute of Standards and Technology (NIST) https://csrc.nist.gov/publications/cswp.

Foo, D., Yeo, J., Xiao, H. & Sharma, A. The Dynamics of Software Composition Analysis. Preprint at https://doi.org/10.48550/arXiv.1909.00973 (2019).

“ISO/IEC 27018:2025,” ISO. Accessed: Nov. 17, 2025. [Online]. Available: https://www.iso.org/standard/27018

M. B. Minto, “Google Donates Secure AI Framework (SAIF) Data to Coalition for Secure AI,” OASIS Open. Accessed: Nov. 17, 2025. [Online]. Available: https://www.oasis-open.org/2025/09/16/google-donates-secure-ai-framework-saif-data-to-coalition-for-secure-ai/

Pan, Yuanyuan. “Interactive Application Security Testing.” 2019 International Conference on Smart Grid and Electrical Automation (ICSGEA) (2019): 558-561.

Pulivarti, R. et al. Cybersecurity Threat Modeling the Genomic Data Sequencing Workflow: An Example Threat Model Implementation for Genomic Data Sequencing and Analysis (Draft). https://csrc.nist.gov/pubs/cswp/35/cybersecurity-threat-modeling-the-genomic-data-seq/ipd (2024) doi:10.6028/NIST.CSWP.35.ipd.

Ronald Pulivarti et al., “Genomic Data Cybersecurity and Privacy Frameworks Community Profile,” National Institute of Standards and Technology (NIST), NIST Internal Report NIST IR 8467 2pd, Dec. 2024. Accessed: Nov. 17, 2025. [Online]. Available: https://csrc.nist.gov/pubs/ir/8467/2pd

R. Ross and V. Pillitteri, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” National Institute of Standards and Technology, NIST Special Publication (SP) 800-171 Rev. 3, May 2024. doi: 10.6028/NIST.SP.800-171r3.

R. Singh, M. Kumar Gupta, D. R. Patil and S. Maruti Patil, “Analysis of Web Application Vulnerabilities using Dynamic Application Security Testing,” 2024 IEEE 9th International Conference for Convergence in Technology (I2CT), Pune, India, 2024, pp. 1-6, doi: 10.1109/I2CT61223.2024.10543484.

Files

Name Date Added

RDA-AIDV-Template-System-Security-Assessment-Plan.pdf

November 17, 2025 By Natalie Meyers

Download
RDAAIDVTemplateSystemSecurityAssessmentPlanv1.1c.pdf

November 24, 2025 By Natalie Meyers

Download

Comments

No comments found.

You must be logged in or join the group to leave a comment.