Interface Online Center for Information Technology (CIT)

Spring 2007 [Number 237]

Please note that this issue of Interface is an archived issue. Therefore, the information contained in each article may no longer be current.


The NIH Data Center and FISMA

The NIH Data Center provides a secure computing environment, suitable for applications and data categorized at the low or moderate security level (per FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems). Whether your applications and data are hosted on a CIT-managed general support system or reside on your server in the Customer Server Area, CIT has implemented appropriate security controls conforming to the Federal Information Security Management Act of 2002 (FISMA) to protect your systems.

CIT security controls

CIT maintains physical and host system security controls and procedures to protect the computer hardware, applications, and data from improper access by unauthorized individuals and to ensure continued availability. Significant security controls include:

  • Periodic risk assessments, yearly independent security reviews and penetration testing, formal security plan, and certification and accreditation

  • Procedures for establishing user accounts, controls for identifying and authenticating users, and logical access controls to restrict access to system resources

  • Logging, monitoring, and responding to significant security and system status events

  • Regular system backups, and procedures for recovering and restoring operations following system outages

  • Change control procedures covering hardware and software upgrades and patches

  • Environmental controls and monitoring to ensure a stable Data Center climate, procedures and controls to restrict physical access to the Data Center, and an Uninterruptible Power Supply (UPS) system designed to provide all electrical services to the entire Data Center physical plant

The details are documented in a series of security plans that address the controls covering the Data Center facility itself, including the Customer Server Areas, and each hosting platform: z/OS (mainframe), Unix, and Windows. You can use the plans and the other Data Center certification and accreditation documents as building blocks for your own security plans and certifications and accreditations.

Need help or have questions?

For any questions or further information you are welcome to contact Adrienne Yang, Data Center Information Security Officer, at 301-496-1053 or by email: yanga@mail.nih.gov.

 
Published by Center for Information Technology, National Institutes of Health