Download:
pdf |
pdfU.S. DEPARTMENT OF HEALTH & HUMAN SERVICES
Public Health Service
Centers for Disease Control
and Prevention (CDC)
____________________________________________________________________________________
Memorandum
Date:
March 31, 2022
From:
Information Systems Security Officer (ISSO)
Center for Surveillance, Epidemiology, and Laboratory Services
Subject:
BioSense Authority to Operate
To:
Director
Division of Health Informatics and Surveillance
All federal IT information and systems must satisfy Federal Information Security Management Act of
2002 (FISMA). The Centers for Disease Control and Prevention (CDC) has implemented a Security
Assessment and Authorization (SA&A) process in concert with FISMA requirements, as well as an
ongoing change management and risk assessment process to ascertain and mitigate security risks
including those that may result from IT system changes. Along with this ongoing security evaluation and
testing, SA&A documentation and security test results for CDC systems are reviewed by system owners
and, if necessary, updated, no less than annually.
CDC’s Office of the Chief Information Security Officer (OCISO) oversees the formal security authorization
process, ensuring throughout the system life-cycle that FISMA-mandated security controls are tested for
accuracy, adequacy, and adherence to federal and CDC security policies and procedures.
The BioSense Platform has completed another SA&A process and has been granted an Authority to
Operate (ATO) on August 5, 2021, by the CDC.
Stephanie S. Shaw, MSM, MBA
7/6/2022
X
Stephanie S. Shaw
Stephanie S. Shaw
ISSO
Signed by: Stephanie S. Shaw -A
�
| File Type | application/pdf |
| File Title | Blank CDC Letterhead for Outgoing Correspondence |
| Subject | CDC Letterhead |
| Author | BAS4 |
| File Modified | 2022-07-06 |
| File Created | 2022-07-06 |