Audit of National Institutes of Health's Cybersecurity Provisions and Related Efforts to the Grant Program
The purpose of this audit is to determine if NIH has controls in place to ensure grants have appropriate cybersecurity provisions. The National Institutes of Health (NIH) is comprised of 27 separate components called Institutes and Centers and is the primary Federal agency responsible for conducting and supporting biomedical research for the purpose of enhancing health, lengthening life, and reducing illness and disability. Annually, NIH invests nearly $39.2 billion in medical research projects on a number of common and rare diseases, including cancer, Alzheimer's, diabetes, arthritis, heart ailments, and AIDS. More than 80 percent of the NIH's funding is awarded through approximately 50,000 competitive grants to more than 300,000 researchers at more than 2,500 universities, medical schools, and other research institutions in every State and around the world.
Specifically, the audit will review NIH's policies and procedures to determine if NIH has controls or requirements in place to ensure grants have appropriate cybersecurity provisions, and review NIH's policies and procedures to test and verify that adequate cybersecurity is in place over the grantee research data.
|Announced or Revised||Agency||Title||Component||Report Number(s)||Expected Issue Date (FY)|
|May 2020||National Institutes of Health||Audit of National Institutes of Health's Cybersecurity Provisions and Related Efforts to the Grant Program||Office of Audit Services||W-00-20-42027||2021|