Introduction
The Federal Information Security Management Act of 2002, and subsequently the Federal Information Security Modernization Act of 2014 (FISMA), requires that Federal agencies develop and maintain information security programs that protect Federal information and information systems commensurate with the sensitivity and value of the data. NIH’s Information Security Program takes a risk-based approach to information security and focuses on three key areas: reduce high risks, improve visibility, and strengthen protections. Each key area is composed of priority actions that rely on a foundation of IT management best practices, including configuration management, patch management, system administration, operations management, and change management.
To support NIH’s unique mission as the world leader in biomedical research, NIH relies on information systems that operate continuously, maintain a high degree of scientific and financial integrity, and ensure information is protected from inappropriate disclosure. Research scientists, clinicians, and medical and administrative staff each take responsibility and work collaboratively to ensure our data and the computing resources we use are maintained securely.