Guest post by Dipak Bhattacharyya, Chief Information Officer of the NIH Center for Scientific Review (CSR), originally released on the Review Matters blog
CSR will conduct all summer peer review meetings using one of three platforms – 1) video; 2) telephone; 3) web-based discussion. A majority will take place using the Zoom video platform. We want to provide information about how we are maintaining the security and confidentiality of our review meetings.
The Zoom video platform that we are using is not the same as that used by schools or by you at home. Instead, we are using a FedRAMP-certified version of Zoom within the zoomgov.com domain. It meets requirements for other agencies that handle very sensitive information, including the Department of Homeland Security. For reviewers, FedRAMP certification means the platform can be used without risking installation of malware; for applicants, it means meetings remain confidential. Key features include:
– All video traffic is highly encrypted and continuously monitored under stringent security controls
– Strong configuration management is in place to prevent any unauthorized change to the system
– All video traffic is managed by a U.S.-based company (Amazon Web Services government cloud) and stays in the U.S.
To ensure confidentiality of review meetings, we’ve imposed additional security settings that limit meeting attendance to reviewers and NIH staff and prevent recording of information. No one can attend a CSR Zoom meeting without invitation and vetting. Settings CSR has imposed include:
– Enabling passwords
– Requiring confirmation of identity of meeting participants
– Disabling recording, screen sharing, livestreaming, and autosaving of chats
For more general information on cyber security at NIH, see the April 8, 2020 Open Mike post.