Risk Management Program Implementation at the NIH

The National Institute of Neurological Disorders and Stroke (NINDS) at the National Institutes of Health (NIH) required a comprehensive solution to ensure compliance with Federal Information Security Management Act (FISMA) mandates and to continuously monitor and protect critical biomedical research data from cyber-attacks. As a world leader in neuroscience research, NINDS relies on numerous information systems to achieve its mission. LCG implemented a comprehensive Risk Management Program that included conducting National Institute of Standards and Technology (NIST)/SANS-compliant Security Assessments and Authorizations on over 30 systems and building a Security Operations Center (SOC). The SOC provides a multilayered defense that protects over 500 systems and over 25 TB of sensitive grant and biomedical research data. As a result, NINDS has achieved and continues to maintain full compliance with FISMA, NIST, SANS and NIH security and information assurance requirements.