Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it's official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you're on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Audit of National Institutes of Health's Cybersecurity Provisions and Related Efforts to the Grant Program

The purpose of this audit is to determine if NIH has controls in place to ensure grants have appropriate cybersecurity provisions. The National Institutes of Health (NIH) is comprised of 27 separate components called Institutes and Centers and is the primary Federal agency responsible for conducting and supporting biomedical research for the purpose of enhancing health, lengthening life, and reducing illness and disability. Annually, NIH invests nearly $39.2 billion in medical research projects on a number of common and rare diseases, including cancer, Alzheimer's, diabetes, arthritis, heart ailments, and AIDS. More than 80 percent of the NIH's funding is awarded through approximately 50,000 competitive grants to more than 300,000 researchers at more than 2,500 universities, medical schools, and other research institutions in every State and around the world.

Specifically, the audit will review NIH's policies and procedures to determine if NIH has controls or requirements in place to ensure grants have appropriate cybersecurity provisions, and review NIH's policies and procedures to test and verify that adequate cybersecurity is in place over the grantee research data.

Announced or Revised Agency Title Component Report Number(s) Expected Issue Date (FY)
May 2020 National Institutes of Health Audit of National Institutes of Health's Cybersecurity Provisions and Related Efforts to the Grant Program Office of Audit Services W-00-20-42027 2021