[Federal Register Volume 65, Number 172 (Tuesday, September 5, 2000)]
[Notices]
[Pages 53721-53724]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 00-22569]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary


Statement of Organization, Functions and Delegation of Authority; 
Assistant Secretary for Management and Budget

    Part A, of the Office of the Secretary, Statement of Organization, 
Functions and Delegation of Authority for the Department of Health and 
Human Services, is being amended at Chapter AM, HHS Management and 
Budget Office, Chapter AMM, Office of Information Resources Management 
(OIRM), as last amended at 63 FR 31779-81, June 10, 1998. The changes 
are to reflect a realignment of functions within the existing 
components and the establishment of an Office of Information Technology 
Security and Privacy within the Office of Information Resources 
Management. The changes are as follows:
    Delete in its entirety Chapter AMM, Office of Information Resources 
Management and replace with the following:
    Chapter AMM, Office of Information Resources Management
    AMM.00 Mission. The Office of Information Resources Management advises the 
Secretary and the Assistant Secretary for Management and Budget/Chief 
Information Officer (CIO) on matters pertaining to the use of 
information and related technologies to accomplish Departmental goals 
and program objectives. The mission of the Office is to provide 
assistance and guidance on the use of technology-supported business 
process reengineering, investment analysis, performance measurement, 
and strategic development and application of information systems and 
infrastructure, policies to provide improved management of information 
resources and technology, and better, more efficient service to our 
clients and employees.
    The Office is responsible for the overall quality of information 
resources management throughout the Department; representing the 
Department to central management agencies (e.g., the Office of 
Management and Budget); developing and monitoring Departmentwide 
Enterprise Infrastructure Management strategy; developing and 
maintaining the Department's information technology architecture; 
developing and establishing Departmental information technology 
policies, and advocating rigorous methods for analyzing,

[[Page 53722]]

selecting, developing, operating, and maintaining information systems.
    The Office collaborates with the Operating Divisions (OPDIVs) and 
Staff Divisions (StaffDivs) of the Department to resolve policy and 
management issues, manage risk associated with major information 
systems, evaluate and approve investments in technology, monitor 
Departmental policy and architectural compliance, and share best 
practices.
    The Office exercises authorities delegated by the Secretary to the 
Assistant Secretary for Management and Budget, as the CIO for the 
Department. These authorities derive from the Information Technology 
Management Reform Act of 1996, the Paperwork Reduction Act of 1995, the 
Computer Matching and Privacy Act of 1988, the Computer Security Act of 
1987, the National Archives and Records Administration Act of 1984, the 
Competition in Contracting Act of 1984, the Federal Records Act of 
1950, OMB Circular A-130, Government Printing and Binding Regulations 
issued by the Joint Committee on Printing, and Presidential Decision 
Directive 63.
    Section AMM.10 Organization. The Office of Information Resources 
Management (OIRM), under the supervision of the Deputy Assistant 
Secretary for Information Resources Management/Deputy CIO, who reports 
to the Assistant Secretary for Management and Budget/CIO, consists of 
the following:
     Immediate Office (AMMA)
     Office of Information Technology Policy (AMMJ)
     Office of Information Technology Services (AMML)
     Office of Information Technology Development (AMMM)
     Office of Information Technology Security and Privacy 
(AMMN)
    Section AMM.20 Functions. A. The Immediate Office of Information 
Resources Management is responsible for the following:
    1. Providing advice and counsel to the Secretary and the Assistant 
Secretary for Management and Budget/Chief Information Officer under the 
direction of the Deputy Assistant Secretary for Information Resources 
Management serving as the Department's Deputy CIO.
    2. Providing executive direction to align Departmental strategic 
planning for information resources and technology with the Department's 
strategic business planning.
    3. Providing executive direction to develop and maintain 
Departmental information technology policy and architecture.
    4. Promoting business process reengineering, investment analysis, 
and performance measurement throughout the Department, to capitalize on 
evolving information technology, treating it as an investment rather 
than as an expense.
    5. Representing the Department in Federal Governmentwide 
initiatives to develop policy and implement an information 
infrastructure.
    6. Chairing the Department's Information Technology Investment 
Review Board (ITIRB) and the Department's Chief Information Officers' 
Advisory Council (by the Deputy Assistant Secretary for Information 
Resources Management/Deputy CIO). Chairing the Office of the Secretary 
Information Resources Management Policy and Planning Board (by the 
Deputy Office Director).
    7. Managing funds, personnel, information, property, and projects 
of the Office of Information Resources Management.
    8. Acting as the CIO for the Office of the Secretary.
    B. The Office of Information Technology Policy (OITP) is 
responsible for the following:
    1. Working with OPDIV Chief Information Officers (CIOs) to support 
Governmentwide initiatives of the Federal CIO Council and to jointly 
identify opportunities for participation and consultation in planning 
information technology projects with major effects on OPDIV program 
performance (e.g., capital planning and investment, security, 
information technology architecture). OITP provides leadership 
primarily in the planning, design, and evaluation of major projects.
    2. Assessing risks that major information systems pose to 
successful performance of program operations and efficient conduct of 
administrative business throughout the Department, developing risk 
assessment policies and standard operating procedures and tools, and 
using program outcome measures to gauge the quality of Departmental 
information resources management.
    3. Coordinating the Department's strategic planning and budgeting 
processes for information technology, providing direct planning 
development and support to assure that IRM plans support agency 
business planning and mission accomplishment.
    4. Coordinating the activities of the Departmental Information 
Technology Investment Review Board (ITIRB) in assessing the 
Department's major information systems to analyze and evaluate IT 
investment decisions based on risk-adjusted rate of return and support 
of agency mission. Reviewing OPDIV ITIRB implementations, IT capital 
funding decisions, and use of performance metrics to evaluate program 
success or failure for both initial and continued funding.
    5. Developing policies and guidance on information resources and 
technology management as required by law or regulation, or in 
consultation with program managers on issues of Departmental scope.
    6. Coordinating and supporting the Department's Chief Information 
Officer's Advisory Council, whose membership consists of the Chief 
Information Officers from each OPDIV.
    7. Establishing guidance and training requirements for managers of 
information systems designated as sensitive under the Department's 
automated information systems security program.
    8. Providing leadership for special priority initiatives of 
Department-wide scope (e.g., infrastructure management, security).
    9. Representing the Department through participation on interagency 
and Departmental work groups and task forces.
    10. Working with OPDIV Chief Information Officers to jointly 
identify opportunities for participation and consultation in 
administering information management functions and telecommunications 
initiatives with major effects on OPDIV performance. OITP provides 
leadership primarily in defining alternatives for acquisition of 
telecommunications services and coordinating implementation of 
information management initiatives.
    11. Managing the Department's telecommunications program, including 
the development of Departmental telecommunications policies and support 
of Government-wide telecommunications management projects and processes 
(e.g., the Interagency Management Council (IMC) and FTS2000 and 
successor contracts).
    12. Managing the Department's information collection program, 
including development of Departmental policies, coordinating the 
development of the Department's information collection budget, 
reviewing and certifying requests to collect information from the 
public.
    13. Approving and reporting on computer matching activities as 
required by law through the Departmental Data Integrity Board.
    14. Managing the Departmental printing management, records 
management, and mail management policy programs.

[[Page 53723]]

    15. Providing support for special priority initiatives (e.g., the 
Government Information Locator System, Internet Electronic Government 
(E-GOV) management).
    C. The Office of Information Technology Services (OITS) is 
responsible for the following:
    1. Operating, maintaining, and enhancing the Office of the 
Secretary's computer network consisting of interconnected local area 
networks with wide area network access to Departmental data centers, 
external organizations, Internet resources and commercial information 
services for the Office of the Secretary and organizations 
participating through interagency agreements.
    2. Establishing and monitoring network policies and procedures, and 
developing plans and budgets for network support services.
    3. Identifying, implementing, and maintaining standard office 
automation applications running on the Office of the Secretary network, 
such as electronic mail, scheduling, Internet/Intranet, and bulletin 
board services.
    4. Working with other HHS Operating and Staff Divisions to 
implement electronic links between the Office of the Secretary computer 
network and other networks in conjunction with changing user needs and 
technological advancements.
    5. Ensuring reliable, high-performance network services, including 
implementation of automated tools and procedures for network 
management, utilizing network performance measures to enhance network 
security, providing priority response services for network-related 
problems, and providing remote access to the network for field use and 
for telecommuting.
    6. Implementing and operating electronic tools to enhance 
Secretarial communications with all HHS personnel.
    7. Coordinating with the Program Support Center or other external 
providers, the delivery of voice, voice messaging, and video 
conferencing services for the Office of the Secretary, including system 
design and implementation, and cost sharing.
    8. Coordinating the OS strategic planning and budgeting processes 
for information technology, providing direct planning support to assure 
that IRM plans support agency business planning and mission 
accomplishment.
    9. Developing policies and guidance on information resources 
management within the Office of the Secretary for acquisition and use 
of information technology, development of architectural standards for 
interoperability, and coordination of implementation procedures.
    10. Maintaining and operating the inventory of automated data 
processing equipment for the Office of the Secretary.
    11. Operating and maintaining an information technology support 
service (Help Desk) for the Office of the Assistant Secretary for 
Management and Budget, the Immediate Office of the Secretary, and 
subscribing Staff Divisions, for managing standard hardware and 
software configurations, user applications, and network support.
    12. Managing contracts for IRM-related equipment and support 
services.
    13. Coordinating and supporting the Office of the Secretary 
Information Resources Management Policy and Planning Board, an advisory 
body whose membership consists of the Staff Division Chief Information 
Officers.
    14. Representing the Department through participation on 
interagency and Departmental work groups and task forces.
    D. The Office of Information Technology Development (OITD) is 
responsible for the following:
    1. Leading Departmental efforts to expand availability of 
electronic means for conducting business among all components of the 
Department, all agencies of the Federal government, and all parties 
involved in accomplishing Departmental program objectives (including 
State Governments, contractors, grantees, other service providers, and 
the general public). This includes provision of existing documents in 
electronic format on the Internet in support of electronic 
dissemination to the public.
    2. Supporting implementation of general purpose, standards-based, 
distributed computing environments consisting of data communications 
networks, database management systems, and information processing 
platforms, to promote market competition and reengineering of 
application systems for cost-effectiveness, scalability, and 
flexibility.
    3. Providing access for all employees within the Office of the 
Secretary to services and related tools, for systems engineering, 
applications development, and systems maintenance, to exploit the 
distributed computing environment and to share resources and best 
practices.
    4. Identifying key emerging, enabling technologies, especially 
Internet and database innovations, and coordinating, managing or directing 
pilot projects in these areas to establish proof of concept, confirm 
return on investment, or implement initial production implementations 
in support of agency information technology business requirements.
    5. Supporting effective use of available means to achieve 
electronic messaging, database access, file transfer, and transaction 
processing through Internet and commercial information services.
    6. Supporting implementation of a general purpose, standards-based 
IT architecture, promoting and coordinating implementation of data 
standards for information integration across application systems, 
utilizing distributed computing environments consisting of data 
communications networks, database management systems, and information 
processing platforms.
    7. Assisting managers of applications systems to increase the value 
and quality of their services and to control risks associated with 
systems integration, technological obsolescence, software development, 
and migration to standards-based technologies, especially for systems 
automating common administrative and management services.
    8. Maintaining a collection of technical reference documents, 
including policies, standards, trade press, market research, and 
advisory service publications.
    9. Representing the Department through participation on interagency 
and Departmental work groups and task forces.
    10. Managing and supporting the HHS Internet Information Management 
Council, as the focal point for Internet information management and 
dissemination issues and Department policy to build HHS' expanding 
Internet presence.
    E. The Office of Information Technology Security and Privacy is 
responsible for the following:
    1. Implementing and administering the program to protect the 
information resources of the Department in compliance with legislation, 
Executive Orders, directives of the Office of Management and Budget 
(OMB), or other mandated requirements (e.g., Presidential Decision 
Directive 63, OMB Circular A-130), the National Security Agency, and 
other Federal agencies.
    2. Developing cyber security policies and guidance (e.g., hardware, 
software, telecommunications) for the Department. Policy should also 
include employees and contractors who are responsible for systems or 
data, or for the acquisition, management, or use of information 
resources. In addition, maintaining the DHHS Automated Information 
Systems Security Program handbook as needed.

[[Page 53724]]

    3. Monitoring OPDIV and StaffDiv information system security 
program activities by reviewing Operating Division and Staff Division 
security plans for sensitive systems, and evaluating safeguards to 
protect major information systems, or IT infrastructure.
    4. Responding to requests in conjunction with OMB 
Circular A-130, the Computer Security Act of 1987, and Presidential 
Decision Directive 63, or other legislative or mandated requirements 
related to IT security or privacy.
    5. Monitoring all Departmental systems development and operations 
for security and privacy compliance.
    6. Recommending to the CIO to grant or deny programs the authority 
to operate information systems.
    7. Establishing and leading inter-OPDIV teams to conduct reviews of 
OPDIV programs to protect HHS' cyber and personnel security programs. 
These teams will conduct vulnerability assessments of HHS' critical 
assets.
    8. Coordinating activities with internal and external organizations 
reviewing the Department's information resources for fraud, waste, and 
abuse, and to avoid duplication of effort across these programs.
    9. Developing, implementing, and evaluating an employee cyber 
security awareness and training program to meet the requirements as 
mandated by OMB Circular A-130, and the Computer Security Act.
    10. Establishing and providing leadership to the subcommittee of 
the HHS CIO Council on Security.
    11. Establishing and leading the HHS Computer Security Incident 
Response Capability team, the Department's overall cyber security 
incident response/coordination center and primary point of contact for 
Federal Computer Incident Response Capability (FedCIRC) and National 
Infrastructure Protection Center (NIPC).

    Dated: August 15, 2000.
John J. Callahan,
Assistant Secretary for Management and Budget.
[FR Doc. 00-22569 Filed 9-1-00; 8:45 am]
BILLING CODE 4150-04-M