National Institutes of Health – Cybersecurity
Information System Security – At the National Library of Medicine (NLM), our IT security analysts perform vulnerability scans and provide the results to each responsible group to ensure that vulnerabilities are handled properly and in adherence to NIH and NLM policies. They perform daily vulnerability scans of the OCCS environment as well as the NLM network perimeter, including applications, operating systems, and remote executable elements. They develop and maintain the documentation required to maintain OCCS’s security posture and comply with all NIST, Department of Health & Human Services (HHS), NIH, and NLM security assessment and authorization (A&A) policies and guidelines. NLM is currently using the Tenable suite of products (Nessus and SecurityCenter) to maintain its security posture.
We are also in the process of evaluating cloud-based and cloud-focused products to help identify vulnerabilities in NLM’s cloud instances and virtualized environments more efficiently. AAC took on the task of drafting NLM’s first Security Handbook, providing NLM with organization-specific guidance and best practices tailored to its environment. AAC desktop security personnel resolve security-related tickets, such as infected systems, failed security patches, and IT Security Risk Evaluations for new software, and remediate security incidents found by the NIH Incident Response Team (IRT).