[Federal Register Volume 77, Number 48 (Monday, March 12, 2012)]
[Notices]
[Pages 14525-14527]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2012-5862]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Centers for Disease Control and Prevention


Statement of Organization, Functions, and Delegations of 
Authority

    Part C (Centers for Disease Control and Prevention) of the 
Statement of Organization, Functions, and Delegations of Authority of 
the Department of Health and Human Services (45 FR 67772-76, dated 
October 14, 1980, and corrected at 45 FR 69296, October 20, 1980, as 
amended most recently at 77 FR 5804-5812, dated February 6, 2012) is 
amended to reflect the reorganization of the Office of the Chief 
Operating Officer, Office of the Director, Centers for Disease Control 
and Prevention.
    Section C-B, Organization and Functions, is hereby amended as 
follows:
    Delete in its entirety the functional statement for the Office of 
the Chief Operating Officer (CAJ), and insert the following:
    Office of the Chief Operating Officer (CAJ). (1) Provides mission 
and values-based leadership, direction, support and assistance to CDC's 
programs and activities to enhance CDC's strategic position in public 
health; ensure responsible stewardship; maintain core values; optimize 
operational effectiveness of business services; and institutionalize 
accountability for achieving management initiatives; (2) directs the 
conduct of operational

[[Page 14526]]

activities undertaken by Agency program support and management service 
staff, including, among others, facilities and real property planning 
and management; grants, procurement and materiel management; human 
resources management; information technology and systems planning and 
support; internal security and emergency preparedness; and management 
analysis and services; (3) manages the planning, evaluation, and 
implementation of continuous improvement and reengineering initiatives 
and adoption of innovations and technologies in these areas and ensures 
that they are undertaken in a comprehensive and integrated manner and 
with consideration of strategic implications for human capital 
planning; (4) maintains liaison with officials of DHHS responsible for 
the direction and conduct of DHHS program support and management 
services functions; (5) participates in the development of CDC's goals 
and objectives; (6) provides assistance to DHHS officials and to CDC's 
Centers/Institute/Offices (CI0s) to assure that the human resources of 
CDC are sufficient in numbers, training, and diversity to effectively 
conduct the public health mission of CDC; (7) provides direction for 
the Agency's ethics program and activities associated with Departmental 
and Presidential management initiatives; (8) provides direction in 
establishing accountable measures for financial management of both 
budget estimating and execution processes agencywide; and (9) provides 
guidance and ensures compliance with the budget priorities established 
by the Office of the Director, CDC.
    Delete in their entirety the title and functional statement for the 
Administrative Services and Program Office (CAJ12).
    After the functional statement for the Office of the Director 
(CAJ1), Office of the Chief Operating Officer (CAJ), insert the 
following:
    Office of the Chief Financial Officer (CAJ1P). The Office of the 
Chief Financial Officer (OCFO), located within the Office of the Chief 
Operating Officer (OCOO), addresses agency-wide fiscal accountability 
and oversight. The OCFO supports CDC's mission to ``save money through 
prevention'' by ensuring appropriate fiscal stewardship of the tax 
payer dollar while CDC accomplishes its activities in the areas of 
disease research, prevention, and early detection. Accordingly, the 
OCFO: (1) Manages the financial risk of the agency; (2) provides 
oversight of the agency's financial activities and accounting 
practices; (3) performs reviews and training in high risk areas for 
both the agency and the Department where there appears to be fiscal 
vulnerabilities; (4) provides expertise in interpreting appropriations 
law issues and financial policy matters; (5) assists in the receipt, 
distribution and monitoring of agency issues submitted by the Office of 
the Inspector General Hotline; (6) advises and assists the CDC 
Director, the Chief Operating Officer, and other key agency officials 
(both in Program and Business Service Offices) on all fiscal aspects of 
the agency; and (7) provides support for public health by ensuring that 
appropriated funds provided to the agency are utilized, in compliance 
with Congressional mandate, for the sole purpose of preventing and 
controlling infectious diseases domestically and globally.
    Delete in its entirety the title for the Human Capital Management 
Office (CAJQ), and insert the title Human Capital and Resources 
Management Office (CAJQ).
    After the title and functional statements for the Human Capital and 
Resources Management Office (CAJQ), insert the following:
    Office of the Chief Information Officer (CAJR). The mission of the 
Office of the Chief Information Officer (OCIO) is to administer CDC's 
information resources and information technology programs including 
collection, management, use, and disposition of data and information 
assets; development, acquisition, operation, maintenance, and 
retirement of information systems and information technologies; IT 
capital planning; enterprise architecture; information security; 
education, training, and workforce development in information and IT 
disciplines; development and oversight of information and IT policies, 
standards, and guidance; and administration of certain other general 
management functions and services for CDC.
    Office of the Director (CAJR1). (1) Provides leadership, direction, 
support and assistance to CDC's programs and activities to enhance 
CDC's strategic position in public health informatics; information 
technology, and other information areas to optimize operational 
effectiveness support of CDC's mission and business services; (2) 
coordinates and oversees all CDC efforts in these areas; (3) serves as 
the accountable focus for CDC in these program areas and represents CDC 
with various external stakeholders, collaborators, service providers, 
oversight organizations, and others; (4) maintains liaison with 
officials of HHS responsible for the direction and conduct of such 
functions; and (5) directs the operations of offices within the OCIO to 
ensure effective and efficient service delivery and alignment with CDC 
strategic direction.
    Enterprise Information Technology Portfolio Office (CAJR12). (1) 
Leads, plans, and manages CDC's information technology (IT) budget 
development and review processes; (2) plans and directs the Capital 
Planning Investment Control processes including investment selection, 
control and evaluation, business case analyses, lifecycle reviews, 
portfolio development, performance measures, and investment 
prioritization procedures; (3) develops and monitors earned value 
management analyses of project cost, schedule and deliverable 
commitments; (4) provides guidance to program and project managers on 
the use of the tools for preparing investment documentation that meet 
CDC, HHS, and OMB requirements; (5) develops CDC IT strategic and 
tactical plans; (6) leads development of the enterprise architecture 
and transition strategies; (7) collaborates with CDC staff to develop 
business process models for CDC public health functions; (8) develops 
and maintains a shared services catalog to promote reuse of existing 
resources; (9) supports CDC information resource governance structures 
including common processes, tools, techniques; (10) identifies needs 
and develops strategies and approaches to acquire and manage enterprise 
statistical software licenses; and (11) develops internal cost 
allocation methods and coordinates allocation of costs for annual 
license renewal payments.
    Freedom of Information Act Office (CAJR13). (1) Leads and 
administers the Freedom of Information Act (FOIA) program for CDC and 
ATSDR; (2) reviews, analyzes, redacts as necessary, and releases 
documents to the public under the provisions of the Act; (3) tracks and 
monitors FOIA requests and responses to ensure timely and appropriate 
responses; (4) provides guidance to employees, supervisors, management, 
OGC and high-level agency officials on various aspects of the Act; (5) 
interprets and applies legal and technical precedents, laws and 
regulations relating to FOIA issues; and (6) provides training to 
program staff and management concerning FOIA requirements and 
processing.
    CIMS Program Management Office (CAJR14). (1) Plans, develops, 
manages, and conducts oversight of CDC's information services 
contracts; (2) coordinates and facilitates contracts use including 
requirements development, specifications, performance needs, quality 
assurance and service delivery, and contract administration; and (3)

[[Page 14527]]

provides guidance and assistance to programs on the various aspects of 
the contracts to meet their requirements.
    Remove all CAJD standard administrative codes for the Information 
Technology Services Office (CAJD), and replace with the following:
    Information Technology Services Office (CAJRB), Office of the 
Director (CAJRB1), Operations Branch (CARBB), Network Technology Branch 
(CAJRBC), Customer Services Branch (CAJRBD).
    Remove all CAJG standard administrative codes for the Management 
Analysis and Services Office (CAJG), and replace with the following:
    Management Analysis and Services Office (CAJRC), Office of the 
Director (CAJRC1), Management Assessment Branch (CAJRCB), Information 
Services Branch (CAJRCC), Business Process Analysis Branch (CAJRCD), 
Federal Advisory Committee Management Branch (CAJRCE),
    Remove the CAJN standard administrative code for the Management 
Information Systems Office (CAJN), and replace with Management 
Information Systems Office (CAJRD).
    After the functional statement for the Management Information 
Systems Office (CAJRD), insert the following:
    Office of the Chief Information Security Officer (CAJRE). The 
mission of the Office of the Chief Information Security Officer (OCISO) 
is to administer CDC's information security program to protect CDC's 
information, information systems, and information technology 
commensurate with the risk and magnitude of harm resulting from the 
unauthorized access, use, disclosure, disruption, modification, or 
destruction of information collected or maintained by or on behalf of 
the agency.
    Office of the Director (CAJRE1). (1) Manages and directs the 
activities and functions of the Office of the Chief Information 
Security Officer; (2) develops and maintains a CDC-wide information 
security program; (3) develops and maintains information security 
policies, procedures and control techniques to address the 
responsibilities assigned to the CDC under the Federal Information 
Security Management Act of 2002 (FISMA) and other governing statutes, 
regulations, and policies; (4) coordinates the professional development 
and operating procedures of CDC staff substantially involved in 
information security responsibilities; (5) assists CDC senior 
management concerning their FISMA responsibilities; and (6) ensures 
privacy management so personally identifiable information is 
appropriately collected, processed, stored and protected.
    Operations, Analysis and Response Branch (CAJREB). (1) Performs 
continuous monitoring functions including enterprise security log 
correlation, vulnerability and compliance scanning and risk 
assessments; (2) performs network monitoring, security event 
correlation, forensic investigations, data recovery and malware 
analysis; (3) develops and maintains the CDC Computer Security Incident 
Response Team; (4) performs cyber security incident reporting according 
to US-CERT reporting guidelines; (5) facilitates cyber security 
incident remediation; (6) coordinates with law enforcement agencies and 
participates in cyber security intelligence activities; (7) develops 
enterprise security architecture, firewall management, cyber security 
tool management and CDC information resource governance--security 
component; and (8) supports OCISO IT operations; and (9) performs 
security product research and development, evaluation and testing.
    Policy and Planning Branch (CAJREC). (1) Coordinates compliance and 
audit reviews; (2) develops cyber security policies and standards; (3) 
conducts system security tests and evaluations and identifies, 
assesses, prioritizes, and monitors the progress of corrective efforts 
for security weaknesses found in programs and systems; (4) maintains 
the Security Awareness Training program and coordinates significant 
security responsibilities and IT security training; (5) reviews and 
approves security and privacy related elements of OMB business cases; 
(6) conducts OCISO internal audit program and contract language reviews 
for information security and privacy act clearance decisions; (7) 
coordinates critical infrastructure protection continuity operations 
plans, data call management, E-Authentication and security requirements 
of CDC information system development; (8) conducts security reviews of 
non-standard software for use at CDC; and (9) coordinates FISMA 
security milestone oversight reporting and is the Office of Inspector 
General and Government Accounting Office Audit Liaison.

     Dated: March 5, 2012.
 Thomas R. Frieden,
 Director, Centers for Disease Control and Prevention.
[FR Doc. 2012-5862 Filed 3-9-12; 8:45 am]
BILLING CODE 4160-18-M