Download:
pdf |
pdfU.S. DEPARTMENT OF HEALTH & HUMAN SERVICES
Public Health Service
Centers for Disease Control
and Prevention (CDC)
____________________________________________________________________________________
Memorandum
Date:
March 28, 2019
From:
Information Systems Security Officer (ISSO)
Center for Surveillance, Epidemiology, and Laboratory Services
Subject:
BioSense Authority to Operate
To:
Director
Division of Health Informatics and Surveillance
All federal IT information and systems must satisfy Federal Information Security Management Act of
2002 (FISMA). The Centers for Disease Control and Prevention (CDC) has implemented a Security
Assessment and Authorization (SA&A) process in concert with FISMA requirements, as well as an
ongoing change management and risk assessment process to ascertain and mitigate security risks
including those that may result from IT system changes. Along with this ongoing security evaluation and
testing, SA&A documentation and security test results for CDC systems are reviewed by system owners
and, if necessary, updated, no less than annually.
CDC’s Office of the Chief Information Security Officer (OCISO) oversees the formal security authorization
process, ensuring throughout the system life-cycle that FISMA-mandated security controls are tested for
accuracy, adequacy, and adherence to federal and CDC security policies and procedures.
The BioSense Platform has completed another SA&A process and has been granted an Authority to
Operate (ATO) on July 13, 2018 by the CDC.
Stephanie S. Shaw, MSM, MBA
3/28/2019
X
Stephanie S. Shaw
Stephanie S. Shaw
ISSO
Signed by: PIV
File Type | application/pdf |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |