Case Study

The NIH CIT Remediates Critical Public-Facing Cybersecurity Vulnerabilities

Guidehouse collaborated with the National Institutes of Health’s Center for Information Technology to remediate high-risk cybersecurity vulnerabilities and increase configuration management compliance.


The National Institutes of Health (NIH) is a complex organization with 27 Institutes and Centers continuously working to advance and enhance biomedical research. Its Center for Information Technology (CIT) provides and secures enterprise IT services and infrastructure for the NIH.

Guidehouse has helped the NIH advance its critical and complex mission for more than a decade. When the CIT needed help developing and implementing a new Information Security Program, Guidehouse supported the program with nearly every aspect of security operations.



In 2019, the NIH awarded Guidehouse a one-year project to support the CIT in creating a proactive and strategic cybersecurity risk management program. This project includes improving vulnerability management, configuration management, asset management, incident response, and risk management.

Guidehouse works with CIT teams to understand and document their current state; identify and analyze gaps and redundancies; and develop and implement standardized enterprisewide tools and processes to help the CIT achieve a more integrated approach to cybersecurity.

Supporting the program’s incident response capabilities, Guidehouse also helps CIT leaders respond to incidents, train CIT personnel on NIH’s incident response tool, and run multiple tabletop exercises to practice what they’ve learned and identify areas for continuous improvement.



  • Remediated overdue critical public-facing and high-risk vulnerabilities in less than six months
  • Developed a phased approach for testing and deploying configuration settings, increasing configuration management compliance
  • Supported the CIT in reaching its goal of becoming a proactive security organization and resource for all of NIH

Guidehouse has since been awarded an additional three years to continue work with the NIH to support the CIT’s cybersecurity strategy.

Ranked the third largest healthcare IT consulting firm in 2023 by Modern Healthcare, Guidehouse has delivered cybersecurity solutions to commercial and public sector organizations, including the Centers for Medicare & Medicaid Services, the Centers for Disease Control and Prevention, Anthem, and multiple healthcare providers. Our team includes experts formerly responsible for protecting U.S. national security systems against cyberthreats.

