Why GAO did this study

NIH responsibilities include conducting research on the prevention of infectious diseases such as COVID-19, administering over $30 billion annually in medical research grants, and supporting research on pathogens, including those that have the potential to pose a severe threat to public health and safety. In carrying out its mission, NIH relies extensively on information technology systems to receive, process, and maintain sensitive data. Accordingly, effective information security controls are essential to ensure the confidentiality, integrity, and availability of the agency’s systems.

GAO was asked to examine cybersecurity at NIH. In June 2021, GAO issued a limited official use only report on the extent to which NIH had effectively implemented system controls and an information security program to protect the confidentiality, integrity, and availability of its information on selected information systems. This current report is a public version of the June 2021 report based on GAO’s review of the agency’s information security program and 11 selected systems. In addition, for this public report, GAO determined the extent to which NIH has taken corrective actions to address the previously identified security program and system control deficiencies and related recommendations for improvement. GAO reviewed supporting documents regarding NIH’s actions on the previously identified recommendations.
Copyright:
The National Library of Medicine believes this item to be in the public domain.