DC-01

NIEHS will fulfill NIST 800-53 series requirements for certification and accreditations with NIH. The NIH Chief Information Security Officer (CISO) monitors compliance to federal IT policy and authorization. NIST guidance is required under federal mandates. The NIH CISO signed approval in 2018 for NIEHS GSS Authorization to Operate (ATO).

DC-02

NIEHS will actively provide automated PUE compliance measurements. The PUE measurement is a key component of the federal data center consolidation initiative. The existing compliance metric is 1.5 for existing data centers. NIEHS reports an average of 1.8, down from 2.3.

DC-03

NIEHS will design a redundant architecture to ensure that viable options exist to maintain service availability. NIEHS will ensure multiple paths for communications when possible, such as with NIH connections. The institute will also improve the risk profile of this hub with enhanced environmental controls for HVAC and UPS systems; monitor the service performance for these connections and increase usage of redundant architecture; and continue to build to this objective with the F module facilities.

DC-04

NIEHS will prioritize automation for the measurement of server usage. Software tools will measure and report on physical server processor utilization. The federal data center consolidation initiative requirements mandate this metric. The metric for data centers like the institute one is greater than 65 percent average by formula during primary working hours. There are several related projects underway to evaluate and improve monitoring.

DC-05

NIEHS will manage data center hardware to ensure it remains viable in terms of equipment age and mean time to failure. Hardware lifecycle minimizes risk and supports the most modern technology. The institute will monitor vendor mandated end-of-service and end-of-support dates. Two years of lifecycle replacements have helped with hardware modernization.

DC-06

To support cloud-hosted technologies, NIEHS will provide fast connections to NIH and the internet. Connection speed enhances user experience and increases likelihood of operational success. NIEHS will monitor the two 10G connections to NIH, along with the associated connectivity for those connections. A proof of concept is completed. The status is Green.

DC-07

NIEHS will explore Platform as a Service (PaaS) as a viable option when evaluating I&IT solutions. The cloud-first objective is a federal priority. Project teams will include evaluation of cloud PaaS solutions early in their evaluation plans. Two cloud pilots have been completed.

DC-08

NIEHS will include NIH services in the analysis of optimal I&IT solutions. The diverse institute scientific and administrative community requires the best technology choices, and NIH offers many services now. When appropriate, NIEHS will make greater use of NIH services, such as the Biowulf cluster and cloud offerings, and will monitor user satisfaction when NIH services are used. NIEHS currently uses Biowulf and some cloud systems, but will expand usage.

DC-09

NIEHS will include robust analysis of technology options as part of project management baselines. The institute will evaluate available technologies to ensure the most advantageous choices. Providing this robust analysis aligns with FITARA requirements. Recent initiatives for moving desktop products and email to the cloud have been completed, and other technologies will follow.

DC-10

NIEHS will provide robust and efficient operations and maintenance support for servers and storage to meet mission requirements. The data center will host servers and storage that meet the needs of the scientific and administrative operations. The institute will maintain 99 percent availability for these I&IT services. NIEHS currently uses NetApp and DDN storage and backup technologies that provide group shares, scientific storage, and primary data locations for all users, along with more than 300 servers that support diverse needs.

DC-11

NIEHS will ensure a quality data backup posture, including adequate disaster recovery for primary storage. Backups are required in case of outages and emergencies that impact data availability, integrity, and operations. Primary operations for data storage will report monthly on backup quality. Backup systems exist, but improvement is needed.

DC-12

NIEHS will utilize modern technology to maximize virtualization, which supports many advantages in server and data center management. It saves hardware and power, as well as enhances portability. The institute currently uses VMWare, which offers robust performance reporting. The institute will conduct a review of this service and document needed actions. The metric from the federal mandates for virtualization is a ratio greater than 4.0 to physical servers. The current ratio in the data center is 3.0.

DC-13

NIEHS will prioritize continuous improvement in data center server technology. The institute will support and enhance diverse scientific needs with better graphics processor units and more powerful server processing; and invest in blade technologies to meet server technology objectives. Providing these improvements will improve power and space efficiency. These technology improvements will directly enhance the scientific user experience for data center services. NIEHS has significant hardware procurements moving forward.

DC-14

NIEHS will design facilities and logical access with the concept of least privilege. To ensure I&IT integrity, these controls will be continuously improved. A proposed project to improve communications closets in scientific areas will support this objective. Accountable access will be monitored in the centralized logging tools and reports generated for the ISSO. The institute has active initiatives to improve.