HIT Security can performs risk assessments of IT-Enabled systems per Health System Policy IT-001 : Acquisition of IT-Enabled Resources. This risk assessment is NIST based and thus allows for a uniform approach for reviewing information systems that connect to a UVA Health network or involve sensitive data.