Reorganization of the Office of the Chief Information Officer, 44301-44302 [2023-14695]

Agencies

• Centers for Disease Control and Prevention
• DEPARTMENT OF HEALTH AND HUMAN SERVICES

[Federal Register Volume 88, Number 132 (Wednesday, July 12, 2023)]
[Notices]
[Pages 44301-44302]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2023-14695]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Disease Control and Prevention


Reorganization of the Office of the Chief Information Officer

AGENCY: Centers for Disease Control and Prevention (CDC), the 
Department of Health and Human Services (HHS).

ACTION: Notice.

-----------------------------------------------------------------------

SUMMARY: CDC has modified its structure. This notice announces the 
reorganization of the Office of the Chief Information Officer (OCIO). 
OCIO restructured to optimize support for the CDC Moving Forward 
reorganization and Data Modernization Initiatives.

DATES: This reorganization of OSSAM was approved by the Director of CDC 
on June 28, 2023.

FOR FURTHER INFORMATION CONTACT: Kimberly Thurmond, Office of the Chief 
Operating Officer, Office of the Director, Centers for Disease Control 
and Prevention, 1600 Clifton Road NE, MS TW-2, Atlanta, GA 30329. 
Telephone 770-488-4401; Email: [email protected].

SUPPLEMENTARY INFORMATION: Part C (Centers for Disease Control and 
Prevention) of the Statement of Organization, Functions, and 
Delegations of Authority of the Department of Health and Human Services 
(45 FR 67772-76, dated October 14, 1980, and corrected at 45 FR 69296, 
October 20, 1980, as amended most recently at 88 FR 9290-9291, dated 
February 13, 2023) is amended to reflect the reorganization of Office 
of the Chief Information Officer within the Office of the Chief 
Operating Officer, Centers for Disease Control and Prevention. 
Specifically, the changes are as follows:
    I. Under Part C, Section C-B, Organization and Functions, retitle 
the following organizational units:
     Customer Engagement Office (CAJRH) to the Customer 
Experience Office (CAJRH).
     Technology Solutions Branch (CAJRJB) to the Application 
Services Branch (CAJRJB).
     Policy Branch (CAJRKB) to the Governance, Risk and 
Compliance Branch (CAJRKB).
    II. Under Part C, Section C-B, Organization and Functions, add the 
following:
    Technology Modernization Office (CAJR18). (1) advances the field of 
public health information technology (IT) for the Agency through the 
execution of applied research and innovation; (2) evaluates IT 
solutions and processes with customer feedback to guide and refine 
ideas for investment prioritization; (3) transitions new technology-
based solutions, standards, and techniques for deployment and 
implementation (4) leads IT investment strategy; (5) serves as 
principal advisor for the development and implementation of the OCIO 
enterprise portfolio; (6) establishes, implements, and communicates a 
comprehensive and integrated framework for CDC enterprise architecture; 
(7) identifies needs and resources for new initiatives and assigns 
responsibilities for their development; (8) coordinates the development 
of a research agenda for information technology and public health 
collaboration; (9) implements processes for transitioning applied 
research into the application of innovative technologies to operations; 
(10) facilitates cross-functional collaboration across OCIO to achieve 
targeted performance goals and business outcomes for strategic priority 
initiatives; and (11) participates and represents the agency on 
technology innovation committees, workgroups, organizations, and 
councils, within CDC and with other Federal agencies.
    Global Activities Branch (CAJRHE). (1) maintains all network, 
security, storage, and computer systems to support global mission 
activities; (2) detects and responds to global incidents that affect 
network performance and availability; (3) develops and maintains backup 
and recovery processes to enable global IT services, and global help 
desk support capabilities; and (4) collaborates with partners to 
implement country-specific IT regulations and requirements.
    Data Transport Branch (CAJRJG). (1) provides business and 
technology capabilities that enable the development of enterprise-
specific products and services that support bi-directional exchange of 
data between CDC and external customers; (2) manages the vision and 
strategy for the Data Transport platform and products to ensure 
alignment to customer needs and modernization goals; (3) works across 
OCIO service teams as well as all Centers, Institute and Offices (CIOs) 
at CDC to define current and future platform and product capabilities 
and requirements; (4) establishes and maintains platform and product 
lifecycle roadmaps; and (5) coordinates cross-platform and cross-
product collaboration.
    Cloud Services Branch (CAJRJH). (1) provides business and 
technology capabilities that enable the development of enterprise 
products and services; (2) obtains and manages cloud services from 
cloud service providers; (3) designs, deploys, and maintains Software 
as a Service, Platform as a Service, and Infrastructure as a Service 
such as virtual machines, networks, and databases; (4) manages the 
vision and strategy for Cloud platforms and products to ensure 
alignment to customer needs and modernization goals; (5) works across 
OCIO service teams as well as all CDC CIOs to define current and future 
platform and product capabilities and requirements; (6) establishes and 
maintains platform and product lifecycle roadmaps; and (7) coordinates 
cross-platform and cross-product collaboration.
    Data Analytics and Visualization Branch (CAJRJJ). (1) provides 
business and technology capabilities that enable the development of 
enterprise-specific products and services that support data analytics 
and data visualization; (2) manages the vision and strategy for the 
Enterprise Data Analytics and Visualization (EDAV) platform and 
products to ensure alignment with customer needs and modernization 
goals; (3) works across OCIO service teams as well as all CDC CIOs to 
define current and future platform and product capabilities and 
requirements; (4) establishes and maintains platform and product 
lifecycle roadmaps; and (5) coordinates cross-platform and cross-
product collaboration.
    Business Automation Branch (CAJRJK). (1) provides business and 
technology capabilities that enable the development of enterprise-
specific products and services; (2) manages the

[[Page 44302]]

vision and strategy for the IT business management platform and 
products to ensure alignment to customer needs and modernization goals; 
(3) works across OCIO service teams as well as all CDC CIOs to define 
current and future platform and product capabilities and requirements; 
(4) establishes and maintains platform and product lifecycle roadmaps; 
and (5) coordinates cross-platform and cross-product collaboration.
    Governance, Risk and Compliance Branch (CAJRKB). (7) Establishes 
and implements information security risk management protocols and 
processes; (8) performs penetration testing of all external and 
important systems; (9) conducts security architecture reviews of key 
technologies; (10) manages corrective efforts for weakness management, 
including Plan of Action and Milestones; (11) collects, synthesizes, 
and reports on compliance to standards and cybersecurity incidents, 
including risks, issues, incidents, violations, and the status of 
remediation efforts (Attack Surface Management); and (12) manages CDC 
cybersecurity-related insider threat detection, response, and security 
awareness training programs.
    Workplace Productivity Branch (CAJRJL). (1) provides business and 
technology capabilities that enable the development of enterprise-
specific products and services; (2) manages the vision and strategy for 
the Workplace Productivity platform and products to ensure alignment to 
customer needs and modernization goals; (3) works across OCIO service 
teams as well as all CDC CIOs to define current and future platform and 
product capabilities and requirements; (4) establishes and maintains 
platform and product lifecycle roadmaps; and (5) coordinates cross-
platform and cross-product collaboration.
    III. Under Part C, Section C-B, Organization and Functions, delete 
the mission or functional statement for and replace with the following:
    Office of the Chief Information Officer (CAJR). The mission of the 
OCIO is to administer the CDC's IT programs including collection, 
management, use, and disposition of data and information assets; 
development, acquisition, operation, maintenance, and retirement of 
information systems and information technologies; IT capital planning; 
enterprise architecture; information and cybersecurity; data privacy; 
accessibility program that includes responsibilities for executing 
sections 504 and 508 requirements; education, training, and workforce 
development in information and IT disciplines; development and 
oversight of information and IT policies, standards, and guidance; and 
administration of certain other general management functions and 
services for CDC.
    Office of the Director (CAJRH1). (1) provides account management 
representing the entire range of OCIO products and services to OCIO 
customers; (2) maintains and expands OCIO customer relationships; (3) 
manages OCIO help desk response, coordination, tracking, and reporting; 
(4) provides and maintains end-user support services for OCIO products 
and devices; (5) works directly with customers to facilitate design 
sessions that integrate Human-Centered Design principles; (6) provides 
technical assistance for sections 504 and 508 of the Rehabilitation Act 
of 1973; (7) delivers Accessibility Program, closed captioning and 
meeting accessibility services; (8) evaluates assistive technologies 
and contract compliance; and (9) assesses and clears communication 
products for section 508 compliance.
    Digital Services Office (CAJRJ). The Digital Services Office 
oversees agency-wide mission, business, and administrative customer-
facing information technology solutions, and OCIO's modernization 
roadmap.
    Office of the Director (CAJRJ1). (1) engages in appropriate 
governance processes necessary to approve new platform and product 
development and deployments for all customer-facing solutions; and (2) 
executes the OCIO modernization strategy and roadmap, and advocates for 
adequate resources to achieve the organization's strategic goals and 
objectives.
    Application Services Branch (CAJRJB). (2) ensures applications and 
services meet customer and OCIO North Star architecture requirements 
and modernization objectives.
    Infrastructure Services Branch (CAJRJE). (5) collaborates with 
Customer Experience Office to facilitate appropriate help desk support 
capabilities.
    Office of the Director (CAJRK1). (1) manages CDC privacy policies, 
procedures, and processes; (2) ensures compliance with Federal 
Information Security Management Agency (FISMA), Office of Management 
and Budget, HHS, CDC, and other government mandates, and regulations; 
(3) provides FISMA management, including audits of agency IT assets 
(architecture, hardware, software, networks, hosted applications, etc.) 
for possible security risks and compliance to cybersecurity standards 
and policies identified by the Governance, Risk and Compliance Branch; 
(4) provides oversight and implementation of information security 
continuous monitoring activities, including maintenance of the agency's 
continuous diagnostics and mitigation and High Value Asset programs; 
(5) manages CDC cybersecurity-related insider threat detection, 
response, and security awareness training programs; (6) manages and 
executes privacy incident response, including compliance and 
remediation efforts; (7) performs personally identifiable information 
inventory and data classification mapping; and (8) works with OCIO 
offices and customers to effectively implement privacy standards in 
support of program outcomes.
    IV. Under Part C, Section C-B, Organization and Functions, delete 
in its entirety the title and functional statement for the following:
     Enterprise Data Office (CAJR17).
     Emerging Technology and Design Acceleration Branch 
(CAJRHD).
     Product Management Branch (CAJRJC).
     Risk Compliance Branch (CAJRKC).

Delegations of Authority

    All delegations and redelegations of authority made to officials 
and employees of affected organizational components will continue in 
them or their successors pending further redelegation, provided they 
are consistent with this reorganization.

(Authority: 44 U.S.C. 3101)

Robin D. Bailey,
Chief Operating Officer, Centers for Disease Control and Prevention.

[FR Doc. 2023-14695 Filed 7-11-23; 8:45 am]
BILLING CODE 4163-18-P