NIH Generally Implemented System Controls Over the Sequence Read Archive But Some Improvements Needed

Date Issued

Wednesday, February 7, 2024

Submitting OIG

Department of Health & Human Services OIG

Other Participating OIGs

Department of Health & Human Services OIG

Agencies Reviewed/Investigated

Department of Health & Human Services

Components

National Institutes of Health

Report Number

A-18-22-03300

Report Type

Audit

Location

DC
United States

Number of Recommendations

Questioned Costs

Funds for Better Use

Open Recommendations

This report has 3 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
24-A-18-041.01	No	$0	$0
Brown & Company recommends that the NIH complete the security categorization in accordance with FIPS Pub 199 to include documenting results and supporting rationale in the security plan.
24-A-18-041.02	No	$0	$0
Brown & Company recommends that the NIH conduct a system-level risk assessment for the SRA in accordance with NIST SP 800-53 requirements and NIH polices.
24-A-18-041.03	No	$0	$0
Brown & Company recommends that the NIH ensure that the data normalization policy and procedures comply with Federal requirements to include defining roles and responsibilities.