The NIH CIT Remediates Critical Public-Facing Cybersecurity Vulnerabilities

Guidehouse collaborated with the National Institutes of Health’s Center for Information Technology to remediate high-risk cybersecurity vulnerabilities and increase configuration management compliance.

The National Institutes of Health (NIH) is a complex organization with 27 Institutes and Centers continuously working to advance and enhance biomedical research. Its Center for Information Technology (CIT) provides and secures enterprise IT services and infrastructure for the NIH.

Guidehouse has helped the NIH advance its critical and complex mission for more than a decade. When the CIT needed help developing and implementing a new Information Security Program, Guidehouse supported the program with nearly every aspect of security operations.

Solution

In 2019, the NIH awarded Guidehouse a one-year project to support the CIT in creating a proactive and strategic cybersecurity risk management program. This project includes improving vulnerability management, configuration management, asset management, incident response, and risk management.

Guidehouse works with CIT teams to understand and document their current state; identify and analyze gaps and redundancies; and develop and implement standardized enterprisewide tools and processes to help the CIT achieve a more integrated approach to cybersecurity.

Supporting the program’s incident response capabilities, Guidehouse also helps CIT leaders respond to incidents, train CIT personnel on NIH’s incident response tool, and run multiple tabletop exercises to practice what they’ve learned and identify areas for continuous improvement.

Impact

  • Remediated overdue critical public-facing and high-risk vulnerabilities in less than six months.
  • Developed a phased approach for testing and deploying configuration settings, increasing configuration management compliance.
  • Supported the CIT in reaching its goal of becoming a proactive security organization and resource for all of NIH.

Guidehouse has since been awarded an additional three years to continue work with the NIH to support the CIT’s cybersecurity strategy.

Ranked the second-largest healthcare consulting firm in 2022 by Modern Healthcare, Guidehouse has delivered cybersecurity solutions to commercial and public sector organizations, including the Centers for Medicare & Medicaid Services, the Centers for Disease Control and Prevention, Anthem, and multiple healthcare providers. Our team includes experts formerly responsible for protecting US national security systems against cyberthreats.

Learn more about Guidehouse’s cybersecurity solutions.


About the Experts

Back to top