2012-5862. Statement of Organization, Functions, and Delegations of Authority  

Part C (Centers for Disease Control and Prevention) of the Statement of Organization, Functions, and Delegations of Authority of the Department of Health and Human Services (45 FR 67772-76, dated October 14, 1980, and corrected at 45 FR 69296, October 20, 1980, as amended most recently at 77 FR 5804-5812, dated February 6, 2012) is amended to reflect the reorganization of the Office of the Chief Operating Officer, Office of the Director, Centers for Disease Control and Prevention.

Section C-B, Organization and Functions, is hereby amended as follows:

Delete in its entirety the functional statement for the Office of the Chief Operating Officer (CAJ), and insert the following:

Office of the Chief Operating Officer (CAJ). (1) Provides mission and values-based leadership, direction, support and assistance to CDC's programs and activities to enhance CDC's strategic position in public health; ensure responsible stewardship; maintain core values; optimize operational effectiveness of business services; and institutionalize accountability for achieving management initiatives; (2) directs the conduct of operational Start Printed Page 14526activities undertaken by Agency program support and management service staff, including, among others, facilities and real property planning and management; grants, procurement and materiel management; human resources management; information technology and systems planning and support; internal security and emergency preparedness; and management analysis and services; (3) manages the planning, evaluation, and implementation of continuous improvement and reengineering initiatives and adoption of innovations and technologies in these areas and ensures that they are undertaken in a comprehensive and integrated manner and with consideration of strategic implications for human capital planning; (4) maintains liaison with officials of DHHS responsible for the direction and conduct of DHHS program support and management services functions; (5) participates in the development of CDC's goals and objectives; (6) provides assistance to DHHS officials and to CDC's Centers/Institute/Offices (CI0s) to assure that the human resources of CDC are sufficient in numbers, training, and diversity to effectively conduct the public health mission of CDC; (7) provides direction for the Agency's ethics program and activities associated with Departmental and Presidential management initiatives; (8) provides direction in establishing accountable measures for financial management of both budget estimating and execution processes agencywide; and (9) provides guidance and ensures compliance with the budget priorities established by the Office of the Director, CDC.

Delete in their entirety the title and functional statement for the Administrative Services and Program Office (CAJ12).

After the functional statement for the Office of the Director (CAJ1), Office of the Chief Operating Officer (CAJ), insert the following:

Office of the Chief Financial Officer (CAJ1P). The Office of the Chief Financial Officer (OCFO), located within the Office of the Chief Operating Officer (OCOO), addresses agency-wide fiscal accountability and oversight. The OCFO supports CDC's mission to “save money through prevention” by ensuring appropriate fiscal stewardship of the tax payer dollar while CDC accomplishes its activities in the areas of disease research, prevention, and early detection. Accordingly, the OCFO: (1) Manages the financial risk of the agency; (2) provides oversight of the agency's financial activities and accounting practices; (3) performs reviews and training in high risk areas for both the agency and the Department where there appears to be fiscal vulnerabilities; (4) provides expertise in interpreting appropriations law issues and financial policy matters; (5) assists in the receipt, distribution and monitoring of agency issues submitted by the Office of the Inspector General Hotline; (6) advises and assists the CDC Director, the Chief Operating Officer, and other key agency officials (both in Program and Business Service Offices) on all fiscal aspects of the agency; and (7) provides support for public health by ensuring that appropriated funds provided to the agency are utilized, in compliance with Congressional mandate, for the sole purpose of preventing and controlling infectious diseases domestically and globally.

Delete in its entirety the title for the Human Capital Management Office (CAJQ), and insert the title Human Capital and Resources Management Office (CAJQ).

After the title and functional statements for the Human Capital and Resources Management Office (CAJQ), insert the following:

Office of the Chief Information Officer (CAJR). The mission of the Office of the Chief Information Officer (OCIO) is to administer CDC's information resources and information technology programs including collection, management, use, and disposition of data and information assets; development, acquisition, operation, maintenance, and retirement of information systems and information technologies; IT capital planning; enterprise architecture; information security; education, training, and workforce development in information and IT disciplines; development and oversight of information and IT policies, standards, and guidance; and administration of certain other general management functions and services for CDC.

Office of the Director (CAJR1). (1) Provides leadership, direction, support and assistance to CDC's programs and activities to enhance CDC's strategic position in public health informatics; information technology, and other information areas to optimize operational effectiveness support of CDC's mission and business services; (2) coordinates and oversees all CDC efforts in these areas; (3) serves as the accountable focus for CDC in these program areas and represents CDC with various external stakeholders, collaborators, service providers, oversight organizations, and others; (4) maintains liaison with officials of HHS responsible for the direction and conduct of such functions; and (5) directs the operations of offices within the OCIO to ensure effective and efficient service delivery and alignment with CDC strategic direction.

Enterprise Information Technology Portfolio Office (CAJR12). (1) Leads, plans, and manages CDC's information technology (IT) budget development and review processes; (2) plans and directs the Capital Planning Investment Control processes including investment selection, control and evaluation, business case analyses, lifecycle reviews, portfolio development, performance measures, and investment prioritization procedures; (3) develops and monitors earned value management analyses of project cost, schedule and deliverable commitments; (4) provides guidance to program and project managers on the use of the tools for preparing investment documentation that meet CDC, HHS, and OMB requirements; (5) develops CDC IT strategic and tactical plans; (6) leads development of the enterprise architecture and transition strategies; (7) collaborates with CDC staff to develop business process models for CDC public health functions; (8) develops and maintains a shared services catalog to promote reuse of existing resources; (9) supports CDC information resource governance structures including common processes, tools, techniques; (10) identifies needs and develops strategies and approaches to acquire and manage enterprise statistical software licenses; and (11) develops internal cost allocation methods and coordinates allocation of costs for annual license renewal payments.

Freedom of Information Act Office (CAJR13). (1) Leads and administers the Freedom of Information Act (FOIA) program for CDC and ATSDR; (2) reviews, analyzes, redacts as necessary, and releases documents to the public under the provisions of the Act; (3) tracks and monitors FOIA requests and responses to ensure timely and appropriate responses; (4) provides guidance to employees, supervisors, management, OGC and high-level agency officials on various aspects of the Act; (5) interprets and applies legal and technical precedents, laws and regulations relating to FOIA issues; and (6) provides training to program staff and management concerning FOIA requirements and processing.

CIMS Program Management Office (CAJR14). (1) Plans, develops, manages, and conducts oversight of CDC's information services contracts; (2) coordinates and facilitates contracts use including requirements development, specifications, performance needs, quality assurance and service delivery, and contract administration; and (3) Start Printed Page 14527provides guidance and assistance to programs on the various aspects of the contracts to meet their requirements.

Remove all CAJD standard administrative codes for the Information Technology Services Office (CAJD), and replace with the following:

Information Technology Services Office (CAJRB), Office of the Director (CAJRB1), Operations Branch (CARBB), Network Technology Branch (CAJRBC), Customer Services Branch (CAJRBD).

Remove all CAJG standard administrative codes for the Management Analysis and Services Office (CAJG), and replace with the following:

Management Analysis and Services Office (CAJRC), Office of the Director (CAJRC1), Management Assessment Branch (CAJRCB), Information Services Branch (CAJRCC), Business Process Analysis Branch (CAJRCD), Federal Advisory Committee Management Branch (CAJRCE),

Remove the CAJN standard administrative code for the Management Information Systems Office (CAJN), and replace with Management Information Systems Office (CAJRD).

After the functional statement for the Management Information Systems Office (CAJRD), insert the following:

Office of the Chief Information Security Officer (CAJRE). The mission of the Office of the Chief Information Security Officer (OCISO) is to administer CDC's information security program to protect CDC's information, information systems, and information technology commensurate with the risk and magnitude of harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information collected or maintained by or on behalf of the agency.

Office of the Director (CAJRE1). (1) Manages and directs the activities and functions of the Office of the Chief Information Security Officer; (2) develops and maintains a CDC-wide information security program; (3) develops and maintains information security policies, procedures and control techniques to address the responsibilities assigned to the CDC under the Federal Information Security Management Act of 2002 (FISMA) and other governing statutes, regulations, and policies; (4) coordinates the professional development and operating procedures of CDC staff substantially involved in information security responsibilities; (5) assists CDC senior management concerning their FISMA responsibilities; and (6) ensures privacy management so personally identifiable information is appropriately collected, processed, stored and protected.

Operations, Analysis and Response Branch (CAJREB). (1) Performs continuous monitoring functions including enterprise security log correlation, vulnerability and compliance scanning and risk assessments; (2) performs network monitoring, security event correlation, forensic investigations, data recovery and malware analysis; (3) develops and maintains the CDC Computer Security Incident Response Team; (4) performs cyber security incident reporting according to US-CERT reporting guidelines; (5) facilitates cyber security incident remediation; (6) coordinates with law enforcement agencies and participates in cyber security intelligence activities; (7) develops enterprise security architecture, firewall management, cyber security tool management and CDC information resource governance—security component; and (8) supports OCISO IT operations; and (9) performs security product research and development, evaluation and testing.

Policy and Planning Branch (CAJREC). (1) Coordinates compliance and audit reviews; (2) develops cyber security policies and standards; (3) conducts system security tests and evaluations and identifies, assesses, prioritizes, and monitors the progress of corrective efforts for security weaknesses found in programs and systems; (4) maintains the Security Awareness Training program and coordinates significant security responsibilities and IT security training; (5) reviews and approves security and privacy related elements of OMB business cases; (6) conducts OCISO internal audit program and contract language reviews for information security and privacy act clearance decisions; (7) coordinates critical infrastructure protection continuity operations plans, data call management, E-Authentication and security requirements of CDC information system development; (8) conducts security reviews of non-standard software for use at CDC; and (9) coordinates FISMA security milestone oversight reporting and is the Office of Inspector General and Government Accounting Office Audit Liaison.