Confidentiality, integrity, and availability of NIH information and information systems such that the level of protection is commensurate with risk.
Technology Architecture
Security:27 related definitions
Brick
-
Identification and Authentication Brick:
-
This standard establishes NIH Login as the required method of implementing authentication in web-based applications at the NIH. Authenticated....
-
Intrusion Detection Brick:
-
Vulnerability Analysis. Internet-based attack tools are becoming increasingly sophisticated and increasingly easy to use. NIH's network could contain....
-
Network Access Control Brick:
-
Network Access Control will be used to enforce authentication, compliance, and remediation policy for every device that connects to the NIH....
-
NIH Federated Identity - Authentication / Authorization Brick:
-
The goal of NIH’s Federated Identity service is to give a person the ability to use the same user name, password, or other personal identification to....
-
NIH Federated Identity - Identity Provider Brick:
-
The goal of NIH’s Federated Identity service is to give a person the ability to use the same user name, password, or other personal identification to....
-
NIH Federated Identity - Protocols Brick:
-
The goal of NIH’s Federated Identity service is to give a person the ability to use the same user name, password, or other personal identification to....
-
RETIRED - Access Control Brick:
-
This topic has been determined as too broad for one document or standard to properly address and reconcile. As such, we feel we can archive this....
-
RETIRED - Confidentiality Brick:
-
This topic has been determined as too broad for one document or standard to properly address and reconcile. As such, we feel we can archive this....
-
RETIRED - Event Monitoring and Analysis Brick:
-
This topic has been determined as too broad for one document or standard to properly address and reconcile. As such, we feel we can archive this....
-
RETIRED - Integrity Brick:
-
This topic has been determined as too broad for one document or standard to properly address and reconcile. As such, we feel we can archive this....
-
Secure Email Brick:
-
Secure email is a method of establishing trust and securing email communications and attachments exchanged between NIH and external users.
The....
-
Vulnerability Tools Brick:
-
Vulnerability Analysis. Internet-based attack tools are becoming increasingly sophisticated and increasingly easy to use. NIH's network could contain....
Pattern
-
Business Partner Boundary Services Pattern:
-
This boundary is between NIHnet and a business partner. The business partner domain is assumed to be untrusted primarily because it is not under....
-
Federation Pattern:
-
The goal of NIH’s Federated Identity service is to give a person the ability to use the same user name, password, or other personal identification to....
-
High-Level Security Pattern:
-
The following diagram presents the security architecture patterns in an overall context. Each pattern is a definition of the security services and....
-
Internet Boundary Services Pattern:
-
This pattern defines the boundary architecture between NIHnet and the public Internet. This boundary is where the majority of external access to....
-
Level 1 System Boundary Services Pattern:
-
This boundary applies to Level 1 servers. These servers are generally used to provide information to external organizations and to the general....
-
Level 2 System Boundary Services Pattern:
-
This boundary addresses Level 2 systems. These systems are generally available to NIH employees and business partners who are involved in day to day....
-
Level 3 System Boundary Services Pattern:
-
This pattern addresses the requirements of the most sensitive systems within NIH. These systems contain information that is subject to HIPAA and....
-
Network Access Control Pattern:
-
NIH and its Institutes and Centers (ICs) are continually under computer attack from individuals and organizations, requiring NIH to take a defensive....
-
NIHnet/ICnet Boundary Services Pattern:
-
NIHnet/ICnet Boundary Services Pattern Printer-Friendly Version Description This boundary is between the NIHnet backbone and any IC sub network....
-
Remote Access/Wireless Boundary Services Pattern:
-
The remote access boundary applies to all forms of remote access including Internet or business partner VPN, dial in remote access, and wireless. By....
-
Secure Email Middleman Pattern:
-
This pattern depicts an alternative method for NIH and external users to exchange secure emails that are received and read by external users when....
-
Service-Oriented Architecture (SOA) Security Pattern:
-
The SOA Security Pattern addresses security along four dimensions: Authentication – It must be possible for the service provider to ascertain the....
-
Trusted User Boundary Services Pattern:
-
This boundary pattern addresses the controls required for a trusted client to locally (that is, physical connection to an NIH managed network within....
Principles
-
Security Principles:
-
High level statements of NIH's fundamental values that guide decision-making for IT security.
Regulatory and Policy Drivers
-
Security Policies:
-
Links to Federal websites that describe laws, regulations, and policies that impact information system security at NIH.
Go to top