Statement of Organization, Functions, and Delegations of Authority, 53152-53155 [2019-21629]
Download as PDF
<![CDATA[
53152
Federal Register / Vol. 84, No. 193 / Friday, October 4, 2019 / Notices
new International Bridge location and
design; describes the environmental
impacts of the proposed project and
proposed mitigation; and addresses
comments received on the Draft
Supplemental Environmental Impact
Statement/Draft Programmatic Section
4(f) Evaluation issued on November 26,
2018.
The Preferred Alternative is identified
as LPOE Alternative C and Bridge
Alternative 2 (bridge replacement with
a steel plate girder bridge with six spans
and five piers, west of the existing
bridge) from the Draft Supplemental
Environmental Impact Statement.
The new LPOE would consist of a
main administration building and
support building with parking,
circulation and processing areas. The
new LPOE would be designed in
accordance with the requirements and
criteria of the GSA and CBP to provide
facilities adequate for fulfilling the
agencies’ respective missions. Portions
of Mill Street and Main Street adjacent
to the LPOE may be reconstructed or reprofiled to provide smooth ingress and
egress to the LPOE. The Proposed
Action includes the demolition of the
existing LPOE.
The new International Bridge would
be designed in accordance with
MaineDOT standards with a design life
of at least 75 years. The Proposed
Action includes the demolition of the
existing International Bridge.
In accordance with GSA Order #ADM
1095.1F Environmental Considerations
in Decision Making and 23 CFR 771
Environmental Impact and Related
Procedures, GSA and FHWA expect to
complete and sign a Record of Decision
(ROD) no sooner than 30 days after
publication of the FSEIS Notice of
Availability in the Federal Register by
the U.S. Environmental Protection
Agency.
Dated: September 23, 2019.
Drew Dilks,
Acting Division Director, Design and
Construction, Public Buildings Service.
[FR Doc. 2019–21691 Filed 10–3–19; 8:45 am]
BILLING CODE 6820–FP–P
khammond on DSKJM1Z7X2PROD with NOTICES
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Disease Control and
Prevention
Statement of Organization, Functions,
and Delegations of Authority
Part C (Centers for Disease Control
and Prevention) of the Statement of
Organization, Functions, and
Delegations of Authority of the
VerDate Sep<11>2014
16:49 Oct 03, 2019
Jkt 250001
Department of Health and Human
Services (45 FR 67772–76, dated
October 14, 1980, and corrected at 45 FR
69296, October 20, 1980, as amended
most recently at 84 FR 45152–45153,
August 28, 2019) is amended to
reorganize the Office of the Chief
Information Officer, Office of the Chief
Operating Officer, Office of the Director,
Centers for Disease Control and
Prevention.
Key functional changes include the
abolishment of the Information
Technology Services Office,
Management Information Systems
Office and the Office of the Chief
Information Security Officer and the
creation of an organizational structure
that is customer centric and fosters
modernization.
Section C–B, Organization and
Functions, is hereby amended as
follows:
Delete in its entirety the title and the
mission and function statements for the
Office of the Chief Information Officer
(CAJR) and insert the following:
Office of the Chief Information Officer
(CAJR). The mission of the Office of the
Chief Information Officer (OCIO) is to
administer the Centers for Disease
Control and Prevention’s (CDC)
information resources and information
technology programs including
collection, management, use, and
disposition of data and information
assets; development, acquisition,
operation, maintenance, and retirement
of information systems and information
technologies; IT capital planning;
enterprise architecture; information
security; education, training, and
workforce development in information
and IT disciplines; development and
oversight of information and IT policies,
standards, and guidance; and
administration of certain other general
management functions and services for
CDC.
Office of the Director (CAJR1). (1)
Provides leadership, direction,
coordination, support and assistance to
CDC’s programs and activities to
enhance CDC’s strategic position in
public health informatics, information
technology, and other information areas
to optimize operational effectiveness (2)
represents CDC with various external
stakeholders, collaborators, service
providers, and oversight organizations;
(3) maintains liaison with HHS officials;
(4) directs the strategic objectives and
operations of offices within the OCIO to
ensure effective and efficient service
delivery; (5) provides strategic and
tactical management of CDC’s IT
investments and initiatives; (6) delivers
change management support to promote
the adoption of technology solutions
PO 00000
Frm 00055
Fmt 4703
Sfmt 4703
and process improvements; (7) manages
and ensures proper execution of
enterprise projects and programs; (8)
directs IT research and development
priorities; (9) leads, plans, and manages
CDC’s information technology (IT)
budget development and review
processes; (10) plans and directs the
Capital Planning Investment Control
processes; (11) develops and monitors
earned value management (EVM)
analyses of project cost, schedule and
deliverable commitments; (12) provides
guidance to program and project
managers on the use of tools for
preparing investment documentation
that meet CDC, HHS, and OMB
requirements; (13) provides guidance to
program and project managers on
Technology Business Management; and
(14) supports CDC information resource
governance structures.
Office of Business Operations
(CAJR16). (1) Provides leadership,
oversight, and guidance for OCIO’s
centralized accounting, acquisition and
budget services; (2) provides guidance,
oversight, and coordination of OCIOs
organizational design and human
capital management; (3) provide OCIO
IT policy coordination; (4) provides
expertise in interpreting applicable
laws, regulations, policies, and offers
guidance, direction, and coordination in
resolving issues; (5) advises and assists
the CDC Chief Information Officer,
OCIO office directors, and senior staff
on all matters regarding internal
business service operations; (6)
maintains internal controls; (7) provides
leadership and strategic support in the
determination of long-term operational
needs; (8) provides collaboration and
centralized consolidation of office
reporting requirements; (9) provides
strategic planning and coordination of
OCIO transformation projects and
initiatives; (10) provides leadership,
oversight, and guidance for OCIO
enterprise risk management, continual
process improvement; performance
measures and evaluation; (11) provides
and oversees the delivery of OCIO-wide
administrative management and support
services in the areas of fiscal
management, personnel, travel, records
management, vendor management,
internal controls, and other
administrative services; (12) plans,
develops, manages and conducts
oversight of OCIOs information
technology and services contracts; and
(13) provides coordination and
oversight for internal and external OCIO
communications.
Enterprise Data Office (CAJR17). (1)
Develops, promotes, implements, and
evaluates data science approaches for
improved research of large and complex
E:\FR\FM\04OCN1.SGM
04OCN1
khammond on DSKJM1Z7X2PROD with NOTICES
Federal Register / Vol. 84, No. 193 / Friday, October 4, 2019 / Notices
data sets; (2) maintains and leverages
data acquired from multiple sources; (3)
develops and implements solutions to
strengthen information systems and
reporting; (4) develops and implements
computer-based decision support tools
and mobile applications; (5) collaborates
with other CDC programs to develop
and promote informatics solutions for
improving data management, practice,
and preparedness; (6) identifies needs
and develops strategies and approaches
to acquire and manage enterprise
statistical software licenses; (7) develops
internal cost allocation methods and
coordinates allocation of costs for
annual license renewal payments; and
(8) coordinates and manages an
enterprise data governance program and
procedures to maintain ‘‘fit for purpose’’
standards and decision rights for
enterprise data.
Customer Engagement Office,
(CAJRH). The Customer Engagement
Office oversees agency-wide OCIO
customer relationships, account
management, innovation and research
and development agenda for business
and administrative systems.
Office of the Director (CAJRH1). (1)
Provides account management
representing the entire range of OCIO
products and services to OCIO
customers; (2) maintains and expands
OCIO customer relationships; (3)
manages OCIO help desk response,
coordination, tracking and reporting; (4)
provides and maintains end user
support services for OCIO products and
devices; (5) collaborates with OCIO
offices and customers in support of IT
innovation and to achieve program
outcomes; and (6) ensures the execution
of OCIO’s research and development
agenda.
Program Services Branch (CAJRHB).
(1) Focuses on improving the end-to-end
experience of OCIO customers and
fostering a customer-first mentality by
serving as the day-to-day point of
contact; (2) works with other OCIO units
to better understand technology users’
experiences and to align OCIO products
and services to customer needs; (3)
creates customer interview and survey
guides, journey maps, and personas; (4)
develops and strengthens OCIO’s
customer experience abilities and
processes by helping teams adapt to
shifting customer preferences; (5)
applies research strategies and outputs
to shed light on customer perspectives
and collect customer feedback; and (6)
coordinates solution development
efforts to address customer needs.
Customer Assistance Branch
(CAJRHC). (1) Serves as the first line of
help when customers encounter
problems or defects with products and
VerDate Sep<11>2014
16:49 Oct 03, 2019
Jkt 250001
programs; (2) provides end user services
support including installs, moves, adds
and changes, and desk-side support; (3)
manages and coordinates product,
service, systems and infrastructure help
desk; (4) answers and addresses
customer problems directly; (5)
escalates customer problems and
questions to appropriate OCIO office or
branch staff and tracks open help desk
tickets to resolution; (6) provides
meeting support services including
electronic meeting systems; and (7)
manages, conducts, and monitors OCIO
supported device deployment and
refresh activities.
Emerging Technology & Design
Acceleration Branch (CAJRHD). (1)
Collaborates with CDC programs and
external partners to develop innovative
technologies and techniques to
positively impact public health practice;
(2) executes OCIO’s research and
development agenda in support of
advancing public health programs and
enterprise IT; (3) prototypes products
and processes and gathers user feedback
to evaluate and refine big ideas to
prioritize investments; (4) develops,
implements and maintains OCIO’s
intake process for new mission-based
technology requests; (5) transitions new
technology-based solutions, standards,
and techniques to programs for
deployment and implementation; (6)
provides consultation, evaluation,
guidance, and support in the use of new
informatics solutions and architecture;
(7) works directly with customers to
facilitate design sessions that integrate
human-centered design principles; (8)
rapidly defines problems, facilitates
design sessions, creates prototypes,
conducts pilot projects, and examines
and tests hypotheses to support
information technology solutions; and
(9) participates and represents the
agency on technology innovation
committees, workgroups, organizations,
and councils, within CDC and with
other federal agencies.
Digital Services Office (CAJRJ). The
Digital Services Office (DSO) oversees
agency-wide business and
administrative customer facing
information technology solutions and
OCIO’s modernization roadmap.
Office of the Director (CAJRJ1). (1)
Manages and approves new product
development and deployments for all
customer facing solutions; (2) executes
the OCIO modernization strategy and
roadmap, and ensures adequate
resources are available to achieve the
organization’s strategic goals and
objectives; (3) provides approval for and
ensures the execution of OCIO product
lifecycle roadmaps; (4) facilitates crossfunctional collaboration across OCIO to
PO 00000
Frm 00056
Fmt 4703
Sfmt 4703
53153
achieve targeted performance goals and
business outcomes; (5) provides identity
and access management services to meet
current and future organizational needs;
(6) ensures efficient operations and
proper maintenance of all network,
security, storage and computer systems;
(7) works with the Cybersecurity
Program Offices to address identified
application, system, network and
infrastructure performance issues; (8)
ensures the availability of a modern,
customer-driven IT workforce within
DSO; and (9) coordinates, tracks, and
manages project assignments for all DSO
human and technology resources.
Technology Solutions Branch
(CAJRJB). (1) Identifies, tests and
integrates new technologies and digital
services; (2) ensures products and
services align to customer needs and
meet OCIO’s modernization and
transformation strategic objectives; (3)
standardizes and enhances technology
and service development practices; (4)
obtains and manages cloud computing
services from cloud service providers;
(5) designs, deploys and maintains
Software as a Service (SaaS), Platform as
a Service (PaaS), and Infrastructure as a
Service (IaaS) such as virtual machines,
networks and databases; (6) identifies
optimization opportunities and
coordinates technology modernization
efforts; and (7) operates and maintains
business and mission systems,
including change requests, release cycle
management, and decommissioning of
redundant or outdated technology.
Product Management Branch
(CAJRJC). (1) Manages the vision and
strategy for OCIO products and ensures
alignment to customer needs and
modernization goals; (2) works across
OCIO service teams as well as with
other OCIO offices and customers to
define current and future product
capabilities and requirements; (3)
establishes and maintains product
lifecycle roadmaps; (4) coordinates
cross-service and cross-product
collaboration; (5) maintains all network,
security, storage and computer systems
to support global mission activities; (6)
detects and responds to global incidents
that affect network performance and
availability; (7) develops and maintains
backup and recovery processes to enable
global IT services, and global help desk
support capabilities; and (8) collaborates
with partners to implement countryspecific IT regulations and
requirements.
Identity and Access Management
Branch (CAJRJD). (1) Develops and
maintains CDC’s identity and access
management (IAM) strategy; (2) designs
and deploys identification standards for
federal employees, contractors and
E:\FR\FM\04OCN1.SGM
04OCN1
khammond on DSKJM1Z7X2PROD with NOTICES
53154
Federal Register / Vol. 84, No. 193 / Friday, October 4, 2019 / Notices
external partners; (3) designs,
implements and deploys IAM services;
(4) performs identity attribute
management; and (5) manages identity
governance for the enterprise.
Infrastructure Services Branch
(CAJRJE). (1) Maintains and monitors all
IT infrastructure for network, security,
data centers, storage,
telecommunications, and computer
systems; (2) works with the
Cybersecurity Program Office to detect
and respond to incidents that affect
network performance and availability,
and security of information assets; (3)
coordinates approved changes and
upgrades to the CDC infrastructure
environment; (4) develops and
maintains backup and recovery
processes to maintain continuity of
operations; and (5) collaborates with
Customer Engagement Office to
facilitate appropriate help desk support
capabilities.
Cybersecurity Program Office
(CAJRK). The Cybersecurity Program
Office oversees agency-wide cyber
functions, privacy, risk management,
threat protection, and compliance to
ensure the safety of CDC’s public health
mission.
Office of the Director (CAJRK1). (1)
Manages CDC privacy policies,
procedures, and processes; (2) ensures
compliance with Federal Information
Security Management Agency (FISMA),
OMB, HHS, CDC and other government
mandates, and regulations; (3)
establishes and oversees CDC
information security risk management
and compliance activities; (4) provides
and manages a centralized network and
security operations command and
control center; (5) provides oversight
and implementation of Information
Security Continuous Monitoring (ISCM)
activities, including maintenance of the
agency’s Continuous Diagnostics and
Mitigation (CDM) program; (6) manages
CDC cybersecurity related insider threat
detection, response, and security
awareness training programs; (7)
manages and executes privacy incident
response, including compliance and
remediation efforts; (8) performs
Personally Identifiable Information (PII)
inventory and data classification
mapping; and (9) works with OCIO
offices and customers to effectively
implement privacy standards in support
of program outcomes.
Policy Branch (CAJRKB). (1) Works
with OCIO development and operations
teams to identify and adapt applicable
standards and service level agreements
(SLAs) for OCIO products and services;
(2) ensures CDC-wide compliance and
adherence to applicable FISMA and
other federal mandates, standards,
VerDate Sep<11>2014
16:49 Oct 03, 2019
Jkt 250001
practices and policies; (3) oversees an
annual security policy review and
approval process; (4) develops and
manages CDC Cybersecurity policies; (5)
determines security requirements for IT
systems to receive an authority to
operate (ATO) and connect to agency
systems and networks; and (6) performs
ongoing authorization of information
technology systems.
Risk and Compliance Branch
(CAJRKC). (1) Establishes and
implements information security risk
management protocols and processes;
(2) performs penetration testing of all
external and important systems; (3)
conducts security architecture reviews
of key technologies; (4) provides FISMA
management, including audits of agency
IT assets (architecture, hardware,
software, networks, hosted applications,
etc.) for possible security risks and
compliance to cybersecurity standards
and policies identified by the
Cybersecurity Policy Branch; (5)
manages corrective efforts for security
weaknesses, including Plan of Action
and Milestones (POA&Ms); (6) collects,
synthesizes and reports on compliance
to standards and cybersecurity
incidents, including risks, issues,
incidents, violations, and the status of
remediation efforts; and (7) develops
and implements cyber and information
security awareness activities and
training.
Advanced Threat Protection Branch
(CAJRKD). (1) Administers the
integrated Network Operations Center
(NOC) and Security Operations Center
(SOC) central command and control
Systems Management Team (SMT) for
monitoring, triaging, troubleshooting
and escalating all detected, reported, or
potential security incidents,
performance issues, enterprise services
and infrastructure operations; (2)
oversees Computer Security Incident
Response (CSIR); (3) monitors network,
systems, infrastructure, and application
security; (4) establishes network
defenses through proactive and reactive
measures; (5) identifies and mitigates
network intrusion attempts; (6)
investigates security policy violations
and other cybersecurity-related
anomalies; (7) conducts technical and
operational cybersecurity vulnerability
assessments and manages remediation
efforts; (8) conducts code vulnerability
and penetration testing, including
detailed packet analysis on triggered
events and malicious code, and
troubleshoots identified threats and
vulnerabilities; (9) applies and
coordinates directed cybersecurity
compliance requirements; (10)
coordinates reporting and incident
response actions with DHS US–CERT,
PO 00000
Frm 00057
Fmt 4703
Sfmt 4703
HHS CSIRC and/or other external
entities; (11) provides tool management
and configuration to implement,
configure and maintain the capabilities
and tools used to deter and detect
threats, risks, and vulnerabilities on the
CDC enterprise network; (12) develops,
deploys and maintains security
products and tools to the CDC
environment; (13) deploys, configures
and operates CDC enterprise firewalls;
(14) designs, implements and maintains
security controls, develops and deploys
continuous monitoring systems within
the infrastructure environment; (15)
deploys, configures and operates CDC
enterprise Continuous Diagnostics &
Mitigation (CDM) tools; and (16)
consolidates critical IT data from
disparate sources into meaningful data
sets used to effectively conduct cyber
Hunt activities across the enterprise.
Engineering and Technologies Branch
(CAJRKE). (1) Develops and maintains
security architecture and engineering
procedures, policies and frameworks
including firewall policy; (2) provides
technical security architecture and
engineering advice and expertise to
OCIO development, operations and
maintenance teams and particularly the
Digital Services Office; (3) manages and
maintains system and user access
control lists (ACLs); (4) establishes
policies for and maintains perimeter
networks or demilitarized zones that
prevent interaction between internal
and external networks; and (5) conducts
assessment and testing of emerging
cybersecurity technologies to identify,
evaluate, and make recommendations to
integrate potential advances in cyber
threat protection.
Cyber Intelligence and Insider Threat
Branch (CAJRKG) (1) Establishes
policies and procedures for detecting
and responding to insider threats; (2)
establishes policies and procedures for
detecting and responding to intelligence
threats resulting from foreign travel of
CDC personnel; (3) conducts personnel
forensics and analysis of anomalous
cybersecurity activities, including data
transiting, storage, and use of electronic
media; (4) conducts self-phishing
exercises and follow-up activities; (5)
delivers analytic and technical support
to Law Enforcement,
Counterintelligence and National
Security inquiries and investigations; (6)
deploys and maintains systems that
allow the examinations in a
forensically-sound manner using
repeatable and defensible processes; (7)
assists in the implementation of
intelligence-driven threat mitigation,
including applying tools that identify
and mitigate current and projected risks;
and (8) ensures that insider threat
E:\FR\FM\04OCN1.SGM
04OCN1
Federal Register / Vol. 84, No. 193 / Friday, October 4, 2019 / Notices
related activities occur in accordance
with applicable privacy laws and
policies.
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Sherri A. Berger,
Chief Operating Officer, Centers for Disease
Control and Prevention.
Centers for Disease Control and
Prevention
[FR Doc. 2019–21629 Filed 10–3–19; 8:45 am]
Mine Safety and Health Research
Advisory Committee (MSHRAC)
BILLING CODE 4163–18–P
AGENCY:
Centers for Disease Control and
Prevention (CDC), Department of Health
and Human Services (HHS).
ACTION: Notice of meeting.
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
In accordance with the
Federal Advisory Committee Act, the
CDC announces the following meeting
for the Mine Safety and Health Research
Advisory Committee (MSHRAC). This
meeting is open to the public, limited
only by the space available. The meeting
room accommodates approximately 75
people. If you wish to attend in person
or by phone, please contact Marie
Chovanec by email at MChovanec@
cdc.gov or by phone at 412–386–5302 at
least 5 business days in advance of the
meeting.
DATES: The meeting will be held on
November 13, 2019, 8:45 a.m.–4:30
p.m., EDT and on November 14, 2019,
8:15 a.m.–12:00 p.m. EDT.
ADDRESSES: Atlanta Marriott Northeast/
Emory Area, 2000 Century Boulevard
NE, Atlanta, GA 30345 United States.
FOR FURTHER INFORMATION CONTACT:
Jeffrey H. Welsh, Designated Federal
Officer, MSHRAC, NIOSH, CDC, 626
Cochrans Mill Road, Pittsburgh, PA
15236, telephone 412–386–4040; email
juw5@cdc.gov.
SUPPLEMENTARY INFORMATION:
Purpose: This committee is charged
with providing advice to the Secretary,
Department of Health and Human
Services; the Director, CDC; and the
Director, NIOSH, on priorities in mine
safety and health research, including
grants and contracts for such research,
30 U.S.C. 812(b)(2), Section 102(b)(2).
Matters To Be Considered: The agenda
will include discussions on mining
safety and health research projects and
outcomes, including updates from two
MSHRAC Workgroups, the Health
Advisory in the Mining Program
(HAMP) workgroup and the Metal
Mining Automation and Advanced
Technologies (MMAAT) workgroup,
external review of the NIOSH Mining
program recommendations, NIOSH
Mining Program strategic plan update,
update on acquiring a replacement for
the Lake Lynn Experimental Mine,
proximity detection research, corrosion
research, update on miner health data
sources and analyses, update on fatigue
research, update on EOS–RCS
monitoring method, and canopy air
SUMMARY:
Centers for Disease Control and
Prevention
Delegation of Authority
Notice is hereby given that I have
delegated to the Chief Operating Officer,
Centers for Disease Control and
Prevention (CDC), without the authority
to redelegate, the authority vested in the
Secretary of HHS by section 212(1) of
the Department of Defense and Labor,
Health and Human Services, and
Education Appropriations Act, 2019 and
Continuing Appropriations Act, 2019
(FY 19 HHS Appropriations Act) Public
Law No. 115–245, division B, title II, or
substantially similar authorities vested
in the Secretary in the future by
Congress, in order to carry out
international health activities to
respond to the current Ebola outbreak.
The authority under section 212(1) is
immediately revoked in the event that
any subsequent fiscal year HHS
appropriations act does not contain the
provision currently in section 212(1) or
substantially similar authority.
The Chief Operating Officer, CDC,
shall consult with the Secretary of State
and relevant Chief of Mission to ensure
that this authority is exercised in a
manner consistent with section 207 of
the Foreign Service Act of 1980 and
other applicable statutes administered
by the Department of State.
This delegation became effective on
September 26, 2019 and is valid until
September 18, 2020.
Robert R. Redfield,
Director, Centers for Disease Control and
Prevention.
khammond on DSKJM1Z7X2PROD with NOTICES
[FR Doc. 2019–21580 Filed 10–3–19; 8:45 am]
BILLING CODE 4163–18–P
VerDate Sep<11>2014
16:49 Oct 03, 2019
Jkt 250001
PO 00000
Frm 00058
Fmt 4703
Sfmt 4703
53155
curtain research. The meeting will also
include updates from the NIOSH
Associate Director for Mining, the
Spokane Mining Research Division, and
the Pittsburgh Mining Research
Division. Agenda items are subject to
change as priorities dictate.
The Director, Strategic Business
Initiatives Unit, Office of the Chief
Operating Officer, Centers for Disease
Control and Prevention, has been
delegated the authority to sign Federal
Register notices pertaining to
announcements of meetings and other
committee management activities, for
both the Centers for Disease Control and
Prevention and the Agency for Toxic
Substances and Disease Registry.
Kalwant Smagh,
Director, Strategic Business Initiatives Unit,
Office of the Chief Operating Officer, Centers
for Disease Control and Prevention.
[FR Doc. 2019–21581 Filed 10–3–19; 8:45 am]
BILLING CODE 4163–18–P
DEPARTMENT OF HEALTH AND
HUMAN SERVICES
Centers for Disease Control and
Prevention
Solicitation of Nominations for
Appointment to the Interagency
Committee on Smoking and Health
(ICSH)
ACTION:
Notice.
The Centers for Disease
Control and Prevention (CDC) is seeking
nominations for membership on the
ICSH. The ICSH consists of 5 experts in
fields that represent private entities
involved in informing the public about
the health effects of smoking.
Nominations are being sought for
individuals who have expertise and
qualifications necessary to contribute to
the accomplishments of the committee’s
objectives. Nominees will be selected
based on expertise in the fields of the
health effects of smoking. Additionally,
desirable qualifications include: (1)
Knowledge of emerging tobacco control
policies and experience in analyzing,
evaluating, and interpreting Federal,
State and/or local health or regulatory
policy; and/or (2) familiarity and
expertise in developing or contributing
to the development of policies and/or
programs for reducing health disparities
in tobacco use in the United States; and/
or (3) knowledge of the intersection of
behavioral health conditions (mental
and/or substance use disorders) and
tobacco use/tobacco control. Federal
employees will not be considered for
membership. Members may be invited
SUMMARY:
E:\FR\FM\04OCN1.SGM
04OCN1
]]>Agencies
[Federal Register Volume 84, Number 193 (Friday, October 4, 2019)]
[Notices]
[Pages 53152-53155]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-21629]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Centers for Disease Control and Prevention
Statement of Organization, Functions, and Delegations of
Authority
Part C (Centers for Disease Control and Prevention) of the
Statement of Organization, Functions, and Delegations of Authority of
the Department of Health and Human Services (45 FR 67772-76, dated
October 14, 1980, and corrected at 45 FR 69296, October 20, 1980, as
amended most recently at 84 FR 45152-45153, August 28, 2019) is amended
to reorganize the Office of the Chief Information Officer, Office of
the Chief Operating Officer, Office of the Director, Centers for
Disease Control and Prevention.
Key functional changes include the abolishment of the Information
Technology Services Office, Management Information Systems Office and
the Office of the Chief Information Security Officer and the creation
of an organizational structure that is customer centric and fosters
modernization.
Section C-B, Organization and Functions, is hereby amended as
follows:
Delete in its entirety the title and the mission and function
statements for the Office of the Chief Information Officer (CAJR) and
insert the following:
Office of the Chief Information Officer (CAJR). The mission of the
Office of the Chief Information Officer (OCIO) is to administer the
Centers for Disease Control and Prevention's (CDC) information
resources and information technology programs including collection,
management, use, and disposition of data and information assets;
development, acquisition, operation, maintenance, and retirement of
information systems and information technologies; IT capital planning;
enterprise architecture; information security; education, training, and
workforce development in information and IT disciplines; development
and oversight of information and IT policies, standards, and guidance;
and administration of certain other general management functions and
services for CDC.
Office of the Director (CAJR1). (1) Provides leadership, direction,
coordination, support and assistance to CDC's programs and activities
to enhance CDC's strategic position in public health informatics,
information technology, and other information areas to optimize
operational effectiveness (2) represents CDC with various external
stakeholders, collaborators, service providers, and oversight
organizations; (3) maintains liaison with HHS officials; (4) directs
the strategic objectives and operations of offices within the OCIO to
ensure effective and efficient service delivery; (5) provides strategic
and tactical management of CDC's IT investments and initiatives; (6)
delivers change management support to promote the adoption of
technology solutions and process improvements; (7) manages and ensures
proper execution of enterprise projects and programs; (8) directs IT
research and development priorities; (9) leads, plans, and manages
CDC's information technology (IT) budget development and review
processes; (10) plans and directs the Capital Planning Investment
Control processes; (11) develops and monitors earned value management
(EVM) analyses of project cost, schedule and deliverable commitments;
(12) provides guidance to program and project managers on the use of
tools for preparing investment documentation that meet CDC, HHS, and
OMB requirements; (13) provides guidance to program and project
managers on Technology Business Management; and (14) supports CDC
information resource governance structures.
Office of Business Operations (CAJR16). (1) Provides leadership,
oversight, and guidance for OCIO's centralized accounting, acquisition
and budget services; (2) provides guidance, oversight, and coordination
of OCIOs organizational design and human capital management; (3)
provide OCIO IT policy coordination; (4) provides expertise in
interpreting applicable laws, regulations, policies, and offers
guidance, direction, and coordination in resolving issues; (5) advises
and assists the CDC Chief Information Officer, OCIO office directors,
and senior staff on all matters regarding internal business service
operations; (6) maintains internal controls; (7) provides leadership
and strategic support in the determination of long-term operational
needs; (8) provides collaboration and centralized consolidation of
office reporting requirements; (9) provides strategic planning and
coordination of OCIO transformation projects and initiatives; (10)
provides leadership, oversight, and guidance for OCIO enterprise risk
management, continual process improvement; performance measures and
evaluation; (11) provides and oversees the delivery of OCIO-wide
administrative management and support services in the areas of fiscal
management, personnel, travel, records management, vendor management,
internal controls, and other administrative services; (12) plans,
develops, manages and conducts oversight of OCIOs information
technology and services contracts; and (13) provides coordination and
oversight for internal and external OCIO communications.
Enterprise Data Office (CAJR17). (1) Develops, promotes,
implements, and evaluates data science approaches for improved research
of large and complex
[[Page 53153]]
data sets; (2) maintains and leverages data acquired from multiple
sources; (3) develops and implements solutions to strengthen
information systems and reporting; (4) develops and implements
computer-based decision support tools and mobile applications; (5)
collaborates with other CDC programs to develop and promote informatics
solutions for improving data management, practice, and preparedness;
(6) identifies needs and develops strategies and approaches to acquire
and manage enterprise statistical software licenses; (7) develops
internal cost allocation methods and coordinates allocation of costs
for annual license renewal payments; and (8) coordinates and manages an
enterprise data governance program and procedures to maintain ``fit for
purpose'' standards and decision rights for enterprise data.
Customer Engagement Office, (CAJRH). The Customer Engagement Office
oversees agency-wide OCIO customer relationships, account management,
innovation and research and development agenda for business and
administrative systems.
Office of the Director (CAJRH1). (1) Provides account management
representing the entire range of OCIO products and services to OCIO
customers; (2) maintains and expands OCIO customer relationships; (3)
manages OCIO help desk response, coordination, tracking and reporting;
(4) provides and maintains end user support services for OCIO products
and devices; (5) collaborates with OCIO offices and customers in
support of IT innovation and to achieve program outcomes; and (6)
ensures the execution of OCIO's research and development agenda.
Program Services Branch (CAJRHB). (1) Focuses on improving the end-
to-end experience of OCIO customers and fostering a customer-first
mentality by serving as the day-to-day point of contact; (2) works with
other OCIO units to better understand technology users' experiences and
to align OCIO products and services to customer needs; (3) creates
customer interview and survey guides, journey maps, and personas; (4)
develops and strengthens OCIO's customer experience abilities and
processes by helping teams adapt to shifting customer preferences; (5)
applies research strategies and outputs to shed light on customer
perspectives and collect customer feedback; and (6) coordinates
solution development efforts to address customer needs.
Customer Assistance Branch (CAJRHC). (1) Serves as the first line
of help when customers encounter problems or defects with products and
programs; (2) provides end user services support including installs,
moves, adds and changes, and desk-side support; (3) manages and
coordinates product, service, systems and infrastructure help desk; (4)
answers and addresses customer problems directly; (5) escalates
customer problems and questions to appropriate OCIO office or branch
staff and tracks open help desk tickets to resolution; (6) provides
meeting support services including electronic meeting systems; and (7)
manages, conducts, and monitors OCIO supported device deployment and
refresh activities.
Emerging Technology & Design Acceleration Branch (CAJRHD). (1)
Collaborates with CDC programs and external partners to develop
innovative technologies and techniques to positively impact public
health practice; (2) executes OCIO's research and development agenda in
support of advancing public health programs and enterprise IT; (3)
prototypes products and processes and gathers user feedback to evaluate
and refine big ideas to prioritize investments; (4) develops,
implements and maintains OCIO's intake process for new mission-based
technology requests; (5) transitions new technology-based solutions,
standards, and techniques to programs for deployment and
implementation; (6) provides consultation, evaluation, guidance, and
support in the use of new informatics solutions and architecture; (7)
works directly with customers to facilitate design sessions that
integrate human-centered design principles; (8) rapidly defines
problems, facilitates design sessions, creates prototypes, conducts
pilot projects, and examines and tests hypotheses to support
information technology solutions; and (9) participates and represents
the agency on technology innovation committees, workgroups,
organizations, and councils, within CDC and with other federal
agencies.
Digital Services Office (CAJRJ). The Digital Services Office (DSO)
oversees agency-wide business and administrative customer facing
information technology solutions and OCIO's modernization roadmap.
Office of the Director (CAJRJ1). (1) Manages and approves new
product development and deployments for all customer facing solutions;
(2) executes the OCIO modernization strategy and roadmap, and ensures
adequate resources are available to achieve the organization's
strategic goals and objectives; (3) provides approval for and ensures
the execution of OCIO product lifecycle roadmaps; (4) facilitates
cross-functional collaboration across OCIO to achieve targeted
performance goals and business outcomes; (5) provides identity and
access management services to meet current and future organizational
needs; (6) ensures efficient operations and proper maintenance of all
network, security, storage and computer systems; (7) works with the
Cybersecurity Program Offices to address identified application,
system, network and infrastructure performance issues; (8) ensures the
availability of a modern, customer-driven IT workforce within DSO; and
(9) coordinates, tracks, and manages project assignments for all DSO
human and technology resources.
Technology Solutions Branch (CAJRJB). (1) Identifies, tests and
integrates new technologies and digital services; (2) ensures products
and services align to customer needs and meet OCIO's modernization and
transformation strategic objectives; (3) standardizes and enhances
technology and service development practices; (4) obtains and manages
cloud computing services from cloud service providers; (5) designs,
deploys and maintains Software as a Service (SaaS), Platform as a
Service (PaaS), and Infrastructure as a Service (IaaS) such as virtual
machines, networks and databases; (6) identifies optimization
opportunities and coordinates technology modernization efforts; and (7)
operates and maintains business and mission systems, including change
requests, release cycle management, and decommissioning of redundant or
outdated technology.
Product Management Branch (CAJRJC). (1) Manages the vision and
strategy for OCIO products and ensures alignment to customer needs and
modernization goals; (2) works across OCIO service teams as well as
with other OCIO offices and customers to define current and future
product capabilities and requirements; (3) establishes and maintains
product lifecycle roadmaps; (4) coordinates cross-service and cross-
product collaboration; (5) maintains all network, security, storage and
computer systems to support global mission activities; (6) detects and
responds to global incidents that affect network performance and
availability; (7) develops and maintains backup and recovery processes
to enable global IT services, and global help desk support
capabilities; and (8) collaborates with partners to implement country-
specific IT regulations and requirements.
Identity and Access Management Branch (CAJRJD). (1) Develops and
maintains CDC's identity and access management (IAM) strategy; (2)
designs and deploys identification standards for federal employees,
contractors and
[[Page 53154]]
external partners; (3) designs, implements and deploys IAM services;
(4) performs identity attribute management; and (5) manages identity
governance for the enterprise.
Infrastructure Services Branch (CAJRJE). (1) Maintains and monitors
all IT infrastructure for network, security, data centers, storage,
telecommunications, and computer systems; (2) works with the
Cybersecurity Program Office to detect and respond to incidents that
affect network performance and availability, and security of
information assets; (3) coordinates approved changes and upgrades to
the CDC infrastructure environment; (4) develops and maintains backup
and recovery processes to maintain continuity of operations; and (5)
collaborates with Customer Engagement Office to facilitate appropriate
help desk support capabilities.
Cybersecurity Program Office (CAJRK). The Cybersecurity Program
Office oversees agency-wide cyber functions, privacy, risk management,
threat protection, and compliance to ensure the safety of CDC's public
health mission.
Office of the Director (CAJRK1). (1) Manages CDC privacy policies,
procedures, and processes; (2) ensures compliance with Federal
Information Security Management Agency (FISMA), OMB, HHS, CDC and other
government mandates, and regulations; (3) establishes and oversees CDC
information security risk management and compliance activities; (4)
provides and manages a centralized network and security operations
command and control center; (5) provides oversight and implementation
of Information Security Continuous Monitoring (ISCM) activities,
including maintenance of the agency's Continuous Diagnostics and
Mitigation (CDM) program; (6) manages CDC cybersecurity related insider
threat detection, response, and security awareness training programs;
(7) manages and executes privacy incident response, including
compliance and remediation efforts; (8) performs Personally
Identifiable Information (PII) inventory and data classification
mapping; and (9) works with OCIO offices and customers to effectively
implement privacy standards in support of program outcomes.
Policy Branch (CAJRKB). (1) Works with OCIO development and
operations teams to identify and adapt applicable standards and service
level agreements (SLAs) for OCIO products and services; (2) ensures
CDC-wide compliance and adherence to applicable FISMA and other federal
mandates, standards, practices and policies; (3) oversees an annual
security policy review and approval process; (4) develops and manages
CDC Cybersecurity policies; (5) determines security requirements for IT
systems to receive an authority to operate (ATO) and connect to agency
systems and networks; and (6) performs ongoing authorization of
information technology systems.
Risk and Compliance Branch (CAJRKC). (1) Establishes and implements
information security risk management protocols and processes; (2)
performs penetration testing of all external and important systems; (3)
conducts security architecture reviews of key technologies; (4)
provides FISMA management, including audits of agency IT assets
(architecture, hardware, software, networks, hosted applications, etc.)
for possible security risks and compliance to cybersecurity standards
and policies identified by the Cybersecurity Policy Branch; (5) manages
corrective efforts for security weaknesses, including Plan of Action
and Milestones (POA&Ms); (6) collects, synthesizes and reports on
compliance to standards and cybersecurity incidents, including risks,
issues, incidents, violations, and the status of remediation efforts;
and (7) develops and implements cyber and information security
awareness activities and training.
Advanced Threat Protection Branch (CAJRKD). (1) Administers the
integrated Network Operations Center (NOC) and Security Operations
Center (SOC) central command and control Systems Management Team (SMT)
for monitoring, triaging, troubleshooting and escalating all detected,
reported, or potential security incidents, performance issues,
enterprise services and infrastructure operations; (2) oversees
Computer Security Incident Response (CSIR); (3) monitors network,
systems, infrastructure, and application security; (4) establishes
network defenses through proactive and reactive measures; (5)
identifies and mitigates network intrusion attempts; (6) investigates
security policy violations and other cybersecurity-related anomalies;
(7) conducts technical and operational cybersecurity vulnerability
assessments and manages remediation efforts; (8) conducts code
vulnerability and penetration testing, including detailed packet
analysis on triggered events and malicious code, and troubleshoots
identified threats and vulnerabilities; (9) applies and coordinates
directed cybersecurity compliance requirements; (10) coordinates
reporting and incident response actions with DHS US-CERT, HHS CSIRC
and/or other external entities; (11) provides tool management and
configuration to implement, configure and maintain the capabilities and
tools used to deter and detect threats, risks, and vulnerabilities on
the CDC enterprise network; (12) develops, deploys and maintains
security products and tools to the CDC environment; (13) deploys,
configures and operates CDC enterprise firewalls; (14) designs,
implements and maintains security controls, develops and deploys
continuous monitoring systems within the infrastructure environment;
(15) deploys, configures and operates CDC enterprise Continuous
Diagnostics & Mitigation (CDM) tools; and (16) consolidates critical IT
data from disparate sources into meaningful data sets used to
effectively conduct cyber Hunt activities across the enterprise.
Engineering and Technologies Branch (CAJRKE). (1) Develops and
maintains security architecture and engineering procedures, policies
and frameworks including firewall policy; (2) provides technical
security architecture and engineering advice and expertise to OCIO
development, operations and maintenance teams and particularly the
Digital Services Office; (3) manages and maintains system and user
access control lists (ACLs); (4) establishes policies for and maintains
perimeter networks or demilitarized zones that prevent interaction
between internal and external networks; and (5) conducts assessment and
testing of emerging cybersecurity technologies to identify, evaluate,
and make recommendations to integrate potential advances in cyber
threat protection.
Cyber Intelligence and Insider Threat Branch (CAJRKG) (1)
Establishes policies and procedures for detecting and responding to
insider threats; (2) establishes policies and procedures for detecting
and responding to intelligence threats resulting from foreign travel of
CDC personnel; (3) conducts personnel forensics and analysis of
anomalous cybersecurity activities, including data transiting, storage,
and use of electronic media; (4) conducts self-phishing exercises and
follow-up activities; (5) delivers analytic and technical support to
Law Enforcement, Counterintelligence and National Security inquiries
and investigations; (6) deploys and maintains systems that allow the
examinations in a forensically-sound manner using repeatable and
defensible processes; (7) assists in the implementation of
intelligence-driven threat mitigation, including applying tools that
identify and mitigate current and projected risks; and (8) ensures that
insider threat
[[Page 53155]]
related activities occur in accordance with applicable privacy laws and
policies.
Sherri A. Berger,
Chief Operating Officer, Centers for Disease Control and Prevention.
[FR Doc. 2019-21629 Filed 10-3-19; 8:45 am]
BILLING CODE 4163-18-P
