In response to a heightened need for computer security and incident responsiveness, in 1994 DCRT, now merged into CIT, created a Computer Emergency Response Team. The CIT CERT provides a security incident response capability for CIT to respond to computer security threats both within the division and, as appropriate, within the NIH as a whole.

Overall, the CIT CERT has the following four areas of responsibility:

1. Coordination
   Provide coordination of CIT staff who have security incident response duties during incidents of system and network intrusion and malicious software threats on all CIT owned and operated computing platforms.

2. Communication
   Create an effective alert mechanism and channel of communication to inform CIT management and employees, and the rest of NIH, as appropriate, of potential system vulnerabilities, threats, and steps to guard against such threats. See CIT CERT Advisories to view past advisories.

3. Internal consulting (within CIT)
   Be a technical resource for CIT system security planning, risk analyses, evaluation of security products and procedures, and computer security awareness programs.

4. External consulting (outside of CIT)
   Serve as a technical advisory body to security policy making groups within NIH, PHS, and DHHS, and liaison to legal and criminal investigative groups during investigations.

Page last updated: