2011-26007. Statement of Organization, Functions and Delegations of Authority  

This notice amends Part R of the Statement of Organization, Functions and Delegations of Authority of the Department of Health and Human Services (HHS), Health Resources and Services Administration (HRSA) (60 FR 56605, as amended November 6, 1995; as last amended at 76 FR 54236 dated August 31, 2011).

This notice reflects organizational changes to the Health Resources and Services Administration. Specifically, this notice updates the Office of Information Technology (RB5) functional statement. The update to the functional statement will better align functional responsibility with improved security management capabilities and improved alignment of current security initiatives within the Office of Information Technology (RB5).

Chapter RB5—Office of Information Technology

Section RB5-10, Organization

The Office of Information Technology (RB5) is headed by the Director and Chief Information Officer, who reports directly to the Chief Operating Officer.

Section RB5-20, Functions

(1) Delete the functional statement for the Office of the Director (RB5) and replace in its entirety; and (2) delete the functional statement for the Division of IT Operational Support Services (RB58) and replace in its entirety.

Office of the Director (RB5)

The Chief Information Officer (CIO) is responsible for the organization, management, and administrative functions necessary to carry out the responsibilities of the CIO including: (1) Provides organizational development, investment control, budget formulation and execution, policy development, strategic and tactical planning, and performance monitoring; (2) provides leadership in the development, review and implementation of policies and procedures to promote improved information technology management capabilities and best practices throughout HRSA; and (3) coordinates IT workforce issues and works closely with the departmental Office of Human Resources Management on IT recruitment and training issues.

The Chief Information Security Officer (CISO), reporting to the CIO, provides leadership for, and collaborates with, Agency staff to oversee the implementation of security and privacy policy in the management of their IT systems, and plans all activities associated with Federal Information Security Management Act (FISMA) or other agency security and privacy initiatives, and also carries out the responsibilities including: (1) Implements, coordinates, and administers security and privacy programs to protect the information resources of HRSA in compliance with legislation, Executive Orders, directives of the Office of Management and Budget (OMB), or other mandated requirements e.g., Presidential Decision Directive 63, Start Printed Page 62421OMB Circular A-130, the National Security Agency, the Privacy Act, and other Federal agencies; (2) executes the Agency's Risk Management Program, evaluates and assists with the implementation of safeguards to protect major information systems, and IT infrastructure; (3) manages the development, implementation, and evaluation of the HRSA information technology security and privacy training program to meet the requirements as mandated by OMB Circular A-130, the Computer Security Act, and Privacy Act; (4) assesses all new emerging technologies and impact on technology integration on HRSA missions and program objectives; (5) provides leadership for strategic planning that leverages information systems security, program strategies, and advanced technology integration to achieve program objectives through innovative technology use; (6) the HRSA Incident Response Center (HIRC) provides a centralized, responsive resource for computer security incident reporting, management, and situational awareness of the Department's information security posture; (7) provides services include computer security situational awareness reports, computer forensics, cyber-related advisories, as well as cyber alerts, warnings, and Block/Watch lists are utilized and disseminated; (8) the HIRC coordinates with other Agencies and organizations for computer security and maintains a lab where new products are tested to insure that HRSA is utilizing state of the art, cutting edge technologies to ensure the secure operation of the HRSA infrastructure; and (9) provides leadership for ongoing cyber protection and incident detection response, reporting, and handling in accordance with OMB and departmental guidance.

Division of IT Operational Support Services (RB58)

The Division of IT Operational Support Services (ITOSS) (1) provides leadership, consultation, training, and management services for HRSA's enterprise computing environment; (2) directs and manages the support and acquisition of HRSA network and desktop hardware, servers, wireless communication devices, and software licenses; (3) is responsible for the HRSA Data Center and the operation and maintenance of a complex, high-availability network infrastructure on which mission-critical applications are made available 24 hours per day, 7 days per week; (4) controls infrastructure configuration management, installations and upgrades, security perimeter protection, and system resource access; (5) coordinates IT activities for Continuity of Operations Planning (COOP) Agency-wide including provisioning and maintaining IT infrastructure and hardware at designated COOP locations to support emergency and COOP requirements; (6) maintains workstation hardware and software configuration management controls; (7) the Chief Technology Officer (CTO), reporting to the ITOSS Division Director is responsible for assessing emerging technologies and the subsequent impact on current infrastructure restraints and program objectives; (8) coordinates and engages with all OIT Divisions and Branches to insure that advanced technology is being utilized to achieve program objectives through innovative technology use; and (9) provides leadership and establishes policy and provides oversight for Agency IT configuration management.

Section RB5-30, Delegations of Authority

All delegations of authority and re-delegations of authority made to HRSA officials that were in effect immediately prior to this reorganization, and that are consistent with this reorganization, shall continue in effect pending further re-delegation.

This reorganization is effective upon date of signature.