Implement periodic security training for all employees and contractors. U.S. critical infrastructure remains vulnerable to cyberattacks. CISA’s recommendations can reduce prevailing cyber threats to infrastructure sectors and help disrupt Volt Typhoon and other malicious cyber actors from accessing critical...
did not have an adequate pre-award risk assessment process that could capture cybersecurity threats, that NIH does not include specific cybersecurity provisions in its policies, and that NIH does not conduct adequate post-award monitoring to ensure award recipients maintain cybersecurity preventions....