“It is the intent of the National Library of Medicine (NLM) on behalf of the National Institutes of Health (NIH) Office of the Chief Information Officer (OCIO) to sponsor an Industry Day for the discussion of the Performance Work Statement for the National Institutes of Health Information Security Contract.”
“The main objective of the NIH Information Security Program is to “safeguard the NIH personnel, patients, computers, networks and data that NIH relies on each day to fulfill its mission.” To achieve this objective, the NIH Information Security Program has established the following strategic goals:
- Reduce High Risks: Reduce NIH high risk areas; prioritize/High Value Assets (HVAs)
- Improve Protections: Improve protections for data, infrastructure, and staff
- Complete Visibility: Provide continuous/increased visibility into IT assets, operations, threats, and risks
- Integrate NIH Privacy Coordinators into accreditation and authorization processes…”
“These goals will be achieved via NIH-specific initiatives and government-wide projects to promote IT management best practices, including configuration and patch management, system administration, and change and operations management. These activities will also be accomplished via implementation of DHS Continuous Diagnostic & Mitigation (CDM) program guidance and technologies, the NIH information security modernization initiative, and other NIH and HHS information security projects intended to protect and serve the NIH mission, patients, and staff.”
“The Contractor shall provide information security support services to maintain the overall security posture of the NIH environment…”
“The Contractor shall support the following capabilities:
- Enterprise information security governance, communications, program and project management, and security metrics and reporting
- Threat identification and incident handling, including security event detection and situational awareness
- Security awareness, education, and training…” Read more about the PWS and the proposed Industry Day here.
