CLA recommends that the National Institutes of Health management implement the recommendations below to enhance cybersecurity controls over its grant program. 1. Assess its grant award programs to determine which grants should require additional cybersecurity protections due to research potentially including sensitive and confidential data or NIH intellectual property or both.