Public Health Service
Centers for Disease Control
and Prevention (CDC)
DEPARTMENT OF HEALTH & HUMAN SERVICES
Suzi M. Connor, Authorizing Official
Security Authorization Decision (Authorization to Operate) for the
Data Coordinating Center
Melissa Sharma, Epidemiologist
Based on the results of the security assessment of the
constituent system-level components located throughout the CDC and the supporting
evidence provided by the successful security risk assessment and the Plan of Action and
Milestones (POA&M), I have determined that the risk to agency operations, agency
assets, or individuals resulting from the operation of
acceptable. Accordingly, I am issuing an authorization to operate to
in its existing operating environment until 07/01/2024
is authorized without any significant restrictions or limitations.
This security authorization is my formal declaration that adequate security controls have
been implemented in
and that a satisfactory level of security is
present in the system.
Controls for this system must be reviewed annually in accordance with the requirements
detailed in the Federal Information Security Modernization Act of 2014. Modifications to
the system will be reviewed via a security impact analysis and, if identified as making
major changes to the overall system that affects the security controls or general
architecture, the system may be required to undergo a re-assessment and potential reauthorization to maintain a level of its assurance to operate and process data on CDC
A copy of this letter with all supporting security authorization documentation should be
retained in accordance with the CDC records retention schedules.
Suzi M. Connor S
Suzi M. Connor
Digitally signed by Suzi M.
Date: 2021.07.06 11:53:16
|File Title||AO Decision Letter|