Subject:                                         FW: Active Directory (AD) Infrastructure

 

 

 

 

 

 

April 23, 2008

 

 

 

 

TO:                 IC Directors

IC Deputy Directors

IC Executive Officers

           

 

FROM:           Chief Information Officer (Acting), NIH

 

 

SUBJECT:    Active Directory (AD) Infrastructure

 

 

As we are all aware, IT security is both a priority and a shared concern across NIH.  We have, and will continue to be faced with strategic choices in how we manage our Active Directory (AD) Infrastructure.  In July 2007, a security penetration test was performed by the Office of Inspector General (OIG), and test results indicated that many of the IC managed AD Child Domains did not properly enforce adequate security controls.  The lack of security controls within the IC managed AD Child Domains created a significant security risk to the entire NIH.  The results of the penetration test results were presented to the Information Technology Working Group (ITWG), and the ITWG directed the consolidation of all IC child domains into the NIH centralized domain.

 

After evaluating alternatives, the NIH Chief Information Officer and the Information Technology Management Committee (ITMC) decided that all ICs must consolidate their AD Child domains within a two year period effective June 1, 2008. 

 

The CC, NCI, NEI, NHLBI, NIA, NIAID, NIAMS, NICHD, NIDA, NIEHS, NIMH, NINDS, NLM, NLM/NCBI, OD, and ORS must:

·       Transition their IC Child Domains to the NIH Domain by June 1, 2010. 

·       Fund the transition of their Child Domain to the NIH Domain.

·       Effective immediately, no new IC accounts, groups, or computer objects should be added to the IC Child Domains unless approved by the NIH Chief Information Officer. 

 

AD Consolidation does not directly affect all ICs; therefore, only the ICs with child domains will be required to fund the transition of their IC to the NIH Centralized AD domain through a mandatory assessment.  The Center for Information Technology (CIT) will work with the ICs to develop transition cost estimates and a transition plan. 

 

Your support of this important security initiative is appreciated. 

 

Should you have any questions or concerns, as always you are encouraged to contact me directly, or contact our CIT lead, Valerie Wampler, at 301-402-7129. 

 

 

 

/s/

John F. Jones, Jr., Ph.D.