NIH’s core security functions remain deficient

NIH’s core security functions remain deficient

Comments Off on NIH’s core security functions remain deficient

The Government Accountability Office (GAO) issued a report on Tuesday stating that the National Institute of Health’s (NIH) core secure function had many security control and program deficiencies. 219 recommendations were published by the GAO for the NIH to improve its cybersecurity posture. According to the report, the risks pertained to identifying risk, protecting systems from threats and vulnerabilities, detecting and responding to cyber security events, and recovering system operations. NIH has already full implemented one third of these recommendations and half had been partially implemented as of June 2021
11 systems were selected as part of the review and the GAO report determined that security program and system control deficiencies place selected NIH information systems at risk and increased the risk that sensitive research and health-related information could be disclosed in an unauthorized manner. . Of the 219 recommendations noted above, 66 were related to the security program and 153 were related to system controls. 25 of those 66 had been implemented by the NIH and 37 of the remaining 153 across the 11 systems selected.
NIH responded to this report in a letter saying “NIH will continue to work with GAO to provide evidence of the actions it has taken to implement recommendations and to keep them updated as the remaining recommendations are completed. We do not anticipate any issues with reaching closure on these matters.”
More information can be found at: https://www.fedscoop.com/nihs-core-security-functions-remain-deficient/

Share this post

Author

Related Posts

28Jun

Cybersecurity Experts Warn of Emerging Threat of “Black Basta” Ransomware

Cybersecurity experts warn of emerging threat "Black Basta" ransomware.... read more

08Dec

DISA’s new HaCC office reflects hybrid cloud reality for DOD

The Defense Information Systems Agency (DISA) has established a... read more

03Feb

Biden Administration Forms Cybersecurity Review Board to Probe Failures

The Biden administration has formed a panel of senior... read more

25Jan

FBI Warns of Cybercriminals Using QR Codes to Steal Funds

The FBI issues warning for consumers using quick response/QR... read more

Email Security, Phishing, Spam,
17Aug

Spot Scams & Phishing with these 10 Email Security Essentials

With every organization interacting primarily with emails, it is... read more

02Jun

ExpressVPN Removes Servers in India After Refusing to Comply with Government Order

Virtual Private Network (VPN) provider ExpressVPN on Thursday announced... read more

Zero Trust Architecture (ZTA), Cybersecurity, Remote work, Cybersecurity
21Apr

Implementing Zero Trust Architecture (ZTA) in the Age of Remote Work

With the rapid shift to remote work, organizations face... read more

07Apr

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products

VMware has released security updates to patch eight vulnerabilities... read more

22Mar

U.S. Government Warns Companies of Potential Russian Cyberattacks

The U.S. government has again warned of possible cyberattacks by Russia... read more

01Dec

Hacker, Journalist Among CISA Directors’ 23 New Cybersecurity Advisors

Following the establishment of the Cybersecurity and Infrastructure Security... read more