AGENCY:

Centers for Disease Control and Prevention (CDC), the Department of Health and Human Services (HHS).

ACTION:

Notice.

SUMMARY:

CDC has modified its structure. This notice announces the reorganization of the Office of the Chief Information Officer (OCIO). OCIO restructured to optimize support for the CDC Moving Forward reorganization and Data Modernization Initiatives.

DATES:

This reorganization of OSSAM was approved by the Director of CDC on June 28, 2023.

FOR FURTHER INFORMATION CONTACT:

Kimberly Thurmond, Office of the Chief Operating Officer, Office of the Director, Centers for Disease Control and Prevention, 1600 Clifton Road NE, MS TW–2, Atlanta, GA 30329. Telephone 770–488–4401; Email: reorgs@cdc.gov.

SUPPLEMENTARY INFORMATION:

Part C (Centers for Disease Control and Prevention) of the Statement of Organization, Functions, and Delegations of Authority of the Department of Health and Human Services (45 FR 67772–76, dated October 14, 1980, and corrected at 45 FR 69296, October 20, 1980, as amended most recently at 88 FR 9290–9291, dated February 13, 2023) is amended to reflect the reorganization of Office of the Chief Information Officer within the Office of the Chief Operating Officer, Centers for Disease Control and Prevention. Specifically, the changes are as follows:

I. Under Part C, Section C–B, Organization and Functions, retitle the following organizational units:

• Customer Engagement Office (CAJRH) to the Customer Experience Office (CAJRH).
• Technology Solutions Branch (CAJRJB) to the Application Services Branch (CAJRJB).
• Policy Branch (CAJRKB) to the Governance, Risk and Compliance Branch (CAJRKB).

II. Under Part C, Section C–B, Organization and Functions, add the following:

Technology Modernization Office (CAJR18). (1) advances the field of public health information technology (IT) for the Agency through the execution of applied research and innovation; (2) evaluates IT solutions and processes with customer feedback to guide and refine ideas for investment prioritization; (3) transitions new technology-based solutions, standards, and techniques for deployment and implementation (4) leads IT investment strategy; (5) serves as principal advisor for the development and implementation of the OCIO enterprise portfolio; (6) establishes, implements, and communicates a comprehensive and integrated framework for CDC enterprise architecture; (7) identifies needs and resources for new initiatives and assigns responsibilities for their development; (8) coordinates the development of a research agenda for information technology and public health collaboration; (9) implements processes for transitioning applied research into the application of innovative technologies to operations; (10) facilitates cross-functional collaboration across OCIO to achieve targeted performance goals and business outcomes for strategic priority initiatives; and (11) participates and represents the agency on technology innovation committees, workgroups, organizations, and councils, within CDC and with other Federal agencies.

Global Activities Branch (CAJRHE). (1) maintains all network, security, storage, and computer systems to support global mission activities; (2) detects and responds to global incidents that affect network performance and availability; (3) develops and maintains backup and recovery processes to enable global IT services, and global help desk support capabilities; and (4) collaborates with partners to implement country-specific IT regulations and requirements.

Data Transport Branch (CAJRJG). (1) provides business and technology capabilities that enable the development of enterprise-specific products and services that support bi-directional exchange of data between CDC and external customers; (2) manages the vision and strategy for the Data Transport platform and products to ensure alignment to customer needs and modernization goals; (3) works across OCIO service teams as well as all Centers, Institute and Offices (CIOs) at CDC to define current and future platform and product capabilities and requirements; (4) establishes and maintains platform and product lifecycle roadmaps; and (5) coordinates cross-platform and cross-product collaboration.

Cloud Services Branch (CAJRJH). (1) provides business and technology capabilities that enable the development of enterprise products and services; (2) obtains and manages cloud services from cloud service providers; (3) designs, deploys, and maintains Software as a Service, Platform as a Service, and Infrastructure as a Service such as virtual machines, networks, and databases; (4) manages the vision and strategy for Cloud platforms and products to ensure alignment to customer needs and modernization goals; (5) works across OCIO service teams as well as all CDC CIOs to define current and future platform and product capabilities and requirements; (6) establishes and maintains platform and product lifecycle roadmaps; and (7) coordinates cross-platform and cross-product collaboration.

Data Analytics and Visualization Branch (CAJRJJ). (1) provides business and technology capabilities that enable the development of enterprise-specific products and services that support data analytics and data visualization; (2) manages the vision and strategy for the Enterprise Data Analytics and Visualization (EDAV) platform and products to ensure alignment with customer needs and modernization goals; (3) works across OCIO service teams as well as all CDC CIOs to define current and future platform and product capabilities and requirements; (4) establishes and maintains platform and product lifecycle roadmaps; and (5) coordinates cross-platform and cross-product collaboration.

Business Automation Branch (CAJRJK). (1) provides business and technology capabilities that enable the development of enterprise-specific products and services; (2) manages the Start Printed Page 44302 vision and strategy for the IT business management platform and products to ensure alignment to customer needs and modernization goals; (3) works across OCIO service teams as well as all CDC CIOs to define current and future platform and product capabilities and requirements; (4) establishes and maintains platform and product lifecycle roadmaps; and (5) coordinates cross-platform and cross-product collaboration.

Governance, Risk and Compliance Branch (CAJRKB). (7) Establishes and implements information security risk management protocols and processes; (8) performs penetration testing of all external and important systems; (9) conducts security architecture reviews of key technologies; (10) manages corrective efforts for weakness management, including Plan of Action and Milestones; (11) collects, synthesizes, and reports on compliance to standards and cybersecurity incidents, including risks, issues, incidents, violations, and the status of remediation efforts (Attack Surface Management); and (12) manages CDC cybersecurity-related insider threat detection, response, and security awareness training programs.

Workplace Productivity Branch (CAJRJL). (1) provides business and technology capabilities that enable the development of enterprise-specific products and services; (2) manages the vision and strategy for the Workplace Productivity platform and products to ensure alignment to customer needs and modernization goals; (3) works across OCIO service teams as well as all CDC CIOs to define current and future platform and product capabilities and requirements; (4) establishes and maintains platform and product lifecycle roadmaps; and (5) coordinates cross-platform and cross-product collaboration.

III. Under Part C, Section C–B, Organization and Functions, delete the mission or functional statement for and replace with the following:

Office of the Chief Information Officer (CAJR). The mission of the OCIO is to administer the CDC's IT programs including collection, management, use, and disposition of data and information assets; development, acquisition, operation, maintenance, and retirement of information systems and information technologies; IT capital planning; enterprise architecture; information and cybersecurity; data privacy; accessibility program that includes responsibilities for executing sections 504 and 508 requirements; education, training, and workforce development in information and IT disciplines; development and oversight of information and IT policies, standards, and guidance; and administration of certain other general management functions and services for CDC.

Office of the Director (CAJRH1). (1) provides account management representing the entire range of OCIO products and services to OCIO customers; (2) maintains and expands OCIO customer relationships; (3) manages OCIO help desk response, coordination, tracking, and reporting; (4) provides and maintains end-user support services for OCIO products and devices; (5) works directly with customers to facilitate design sessions that integrate Human-Centered Design principles; (6) provides technical assistance for sections 504 and 508 of the Rehabilitation Act of 1973; (7) delivers Accessibility Program, closed captioning and meeting accessibility services; (8) evaluates assistive technologies and contract compliance; and (9) assesses and clears communication products for section 508 compliance.

Digital Services Office (CAJRJ). The Digital Services Office oversees agency-wide mission, business, and administrative customer-facing information technology solutions, and OCIO's modernization roadmap.

Office of the Director (CAJRJ1). (1) engages in appropriate governance processes necessary to approve new platform and product development and deployments for all customer-facing solutions; and (2) executes the OCIO modernization strategy and roadmap, and advocates for adequate resources to achieve the organization's strategic goals and objectives.

Application Services Branch (CAJRJB). (2) ensures applications and services meet customer and OCIO North Star architecture requirements and modernization objectives.

Infrastructure Services Branch (CAJRJE). (5) collaborates with Customer Experience Office to facilitate appropriate help desk support capabilities.

Office of the Director (CAJRK1). (1) manages CDC privacy policies, procedures, and processes; (2) ensures compliance with Federal Information Security Management Agency (FISMA), Office of Management and Budget, HHS, CDC, and other government mandates, and regulations; (3) provides FISMA management, including audits of agency IT assets (architecture, hardware, software, networks, hosted applications, etc.) for possible security risks and compliance to cybersecurity standards and policies identified by the Governance, Risk and Compliance Branch; (4) provides oversight and implementation of information security continuous monitoring activities, including maintenance of the agency's continuous diagnostics and mitigation and High Value Asset programs; (5) manages CDC cybersecurity-related insider threat detection, response, and security awareness training programs; (6) manages and executes privacy incident response, including compliance and remediation efforts; (7) performs personally identifiable information inventory and data classification mapping; and (8) works with OCIO offices and customers to effectively implement privacy standards in support of program outcomes.

IV. Under Part C, Section C–B, Organization and Functions, delete in its entirety the title and functional statement for the following:

• Enterprise Data Office (CAJR17).
• Emerging Technology and Design Acceleration Branch (CAJRHD).
• Product Management Branch (CAJRJC).
• Risk Compliance Branch (CAJRKC).

Delegations of Authority

All delegations and redelegations of authority made to officials and employees of affected organizational components will continue in them or their successors pending further redelegation, provided they are consistent with this reorganization.

(Authority: 44 U.S.C. 3101)