Authorization to Operate for the DCC

Reset
Public Health Service
Centers for Disease Control
and Prevention (CDC)

DEPARTMENT OF HEALTH & HUMAN SERVICES

Memorandum
Date

07/02/2021

From

Suzi M. Connor, Authorizing Official

Subject

Security Authorization Decision (Authorization to Operate) for the

Data Coordinating Center
(
To

DCC

)

Melissa Sharma, Epidemiologist
DCC
Based on the results of the security assessment of the
and its
constituent system-level components located throughout the CDC and the supporting
evidence provided by the successful security risk assessment and the Plan of Action and
Milestones (POA&M), I have determined that the risk to agency operations, agency
DCC
assets, or individuals resulting from the operation of
is
acceptable. Accordingly, I am issuing an authorization to operate to
DCC
in its existing operating environment until 07/01/2024
.
DCC
is authorized without any significant restrictions or limitations.
This security authorization is my formal declaration that adequate security controls have
DCC
been implemented in
and that a satisfactory level of security is
present in the system.
Controls for this system must be reviewed annually in accordance with the requirements
detailed in the Federal Information Security Modernization Act of 2014. Modifications to
the system will be reviewed via a security impact analysis and, if identified as making
major changes to the overall system that affects the security controls or general
architecture, the system may be required to undergo a re-assessment and potential reauthorization to maintain a level of its assurance to operate and process data on CDC
networks.
A copy of this letter with all supporting security authorization documentation should be
retained in accordance with the CDC records retention schedules.

X

Suzi M. Connor S

Suzi M. Connor
Authorizing Official

Digitally signed by Suzi M.
Connor -S
Date: 2021.07.06 11:53:16
-04'00'