NIH Office of the Chief Information Officer (OCIO) Information Security Services

Since our inception, Compass has partnered with the NIH OCIO to provide a wide variety of strategic, operational and analytical security services across the entire NIH enterprise and for the individual Institutes and Centers (ICs).

The Challenge

Select, architect, implement, and manage enterprise-wide vulnerability and configuration compliance scanning tools.

Our Solution

Compass successfully helped NIH evaluate the top tools in the market, developing business and technical requirements documents in partnership with OCIO management and the ICs. 

  • We selected tools that fit NIH's federated nature, providing NIH with the capability to centrally manage the tools while offering the ICs the ability to run supplemental scans.
  • We gather the data from the tools to create reporting, and we work with the ICs to ensure remediation is occurring.
  • We recommend and implement upgrades and improvements over time to offer NIH the latest in vulnerability identification and protection.

Results

NIH has been using these tools for several years, successfully scanning over 100,000 IP addresses and thousands of applications/systems.

We have identified and helped remediate or mitigate all the vulnerabilities uncovered, validated through ongoing, regular scanning efforts. 

We have used the reporting to communicate areas of strength and weakness, while providing all the required reporting to Senior NIH Managers, HHS and DHS in an automated fashion.