
A
Activity - An activity is a term used by the SDN to distinguish a service that is provided by the SDN within a particular service that is being accessed by users. An example of an activity could be accessing a particular application, downloading training materials, uploading a data file. All of these activities, if performed for a particular branch or project, would be contained within one program within the SDN.

Administrative Records - Those records created by several or all Federal agencies in performing common facilitative functions that support the agency's mission activities, but do not directly document the performance of mission functions. Administrative records relate to activities such as budget and finance, human resources, equipment and supplies, facilities, public and congressional relations, and contracting.

Annual Operational Assessment - The Annual Operational Assessment (AOA) combines elements from the CPIC evaluation and results from monitoring the performance of the Business Product during normal operations against original user requirements and any newly implemented requirements or changes. This document assists in the analysis of alternatives for deciding on new functional enhancements and/or modifications to the business product, or the need to dispose of or replace the business product altogether.

Apelon - A tool used to manage enterprise-wide vocabularies.

Application - The use of information resources (information and information technology) to satisfy a specific set of user requirements (OMB A-130, App. III). In particular, an application is usually considered to be the software component of a system. An application runs on, and may or may not be part of, a general support system. The terms “application” and “information system” are sometimes used interchangeably although the latter has a broader definition to include general support systems.

Archive - A place or collection containing records, documents, or other materials of historical interest.

Assumption - An assumption is something taken for granted or accepted as true without proof.

Authentication - The process of determining whether someone or something is, in fact, who or what it is declared to be.

Authority to Operate (ATO) - An Authority to Operate (ATO) is a formal declaration by a Designated Approving Authority (DAA) that authorizes operation of a Business Product and explicitly accepts the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls. Though not security-specific, formal documentation of Section 508 Certification or Exception is also required before a Business Product can be released into operation. Continued Authority to Operate results from a periodic review of an operating Business Product; a Continued ATO is a formal declaration by a DAA that a Business Product is approved to continue to operate at an acceptable level of risk in the designated production environment.

Authorization - Having the appropriate levels of permission to access a specific application or perform a specific function.


B
Baseline - The approved time phased plan (for a project, a work breakdown structure component, a work package, or a schedule activity), plus or minus approved project scope, cost, schedule, and technical changes. Baselines are the standard against which actual work is measured. Baselines are used in the annual report to Congress required by Federal Acquisition Streamlining Act Title V on variances of 10 percent or more from cost and schedule goals and any deviation from performance (scope) goals. Baseline cost and schedule goals should be realistic projections of total cost, total time to complete the project, and interim cost and schedule goals. Performance (scope) goals should be realistic assessments of what the investment or project is intended to accomplish, expressed in quantitative terms, if possible.

Baseline Finish Date - The finish date of a schedule activity in the approved schedule baseline.

Baseline Start Date - The start date of a schedule activity in the approved schedule baseline.

Baseline Review - A customer review conducted to determine with a limited sampling that a contractor is continuing to use the previously accepted performance system and is properly implementing a baseline on the contract or option under review.

Baseline Schedule - A fixed project schedule. It is the standard by which project performance is measured. The current schedule is copied into the baseline.

Budget - The approved estimate for the project or any work breakdown structure component or any schedule activity.

Business Case - The Business Case is a documented, structured proposal for business improvement that is prepared to facilitate a selection decision for a proposed investment or project by organizational decision makers. The Business Case describes the reasons and justification for the investment or project in terms of business process performance, needs and/or problems, and expected benefits. It identifies the high-level requirements that are to be satisfied, an analysis of proposed alternative solutions (with reasons for rejecting or carrying forward each option), assumptions, constraints, a risk-adjusted cost-benefit analysis, and preliminary acquisition plan.

Business Continuity Planning - Business continuity planning (BCP) puts procedures in place that minimize the effect of an interruption to an organization's operations as a result of a natural disaster or other disruption to one or more mission-critical services. BCP is designed to ensure that essential functions can continue during and after a disaster and that mission-critical services are fully functional as soon as possible following an interruption.

Business Needs Statement - A Business Needs Statement identifies the business need for a proposed investment or project. It includes a brief description of the proposed project's purpose, goals, and scope. The Business Needs Statement provides sufficient information to justify a decision whether or not the organization should move forward with the development of a full business case.

Business Owner - The executive in charge of the organization, who serves as the primary customer and advocate for an IT project. The Business Owner is responsible for identifying the business needs and performance measures to be satisfied by an IT project; providing funding for the IT project; establishing and approving changes to cost, schedule and performance goals; and validating that the IT project initially meets business requirements and continues to meet business requirements.

Business Product - The Business Product is the primary result from the development effort that satisfies the established requirements. In software development efforts, it includes the original source code and machine-compiled, executable computer instructions and data repository(ies). It also includes an identification and description of all configuration items that comprise a specific build or release of the Business Product.

Business Recovery Plan - Focuses on restoring business processes after an emergency.

Business Steward - Takes official and personal responsibility for observation of appropriate standards of data security, integrity and privacy in the specification of the requirements.


C
C&E PIA W Database - A C&E internal repository for PIAWs as they wait for OCISO signatures and SORN labels.

Capital Planning and Investment Control (CPIC) - The CPIC process is an integrated, structured methodology for managing IT investments, which ensures that IT investments align with HHS' mission and support business needs while minimizing risks and maximizing returns throughout the investment's lifecycle. CPIC uses a systematic selection, control, and continual evaluation process to ensure that an investment supports HHS' mission and business needs.

Certification Agent - The individual responsible for making a technical judgment of the IT system's compliance with stated security requirements, identifying, assessing, and documenting the risks associated with operating the system, coordinating the certification activities, and consolidating the final C&A packages.

Certification and Accreditation (C&A) - An agency-wide information security program designed to safeguard IT assets and data of the respective agency. C&A is composed of those activities and processes required to maintain security of information systems, periodically review the security controls, and maintain the certification and authorization of the information system to operate. This process includes activities involved in the security planning and security testing certification and authorization processes. The C&A phase of the security process is where the system staff (outlined in the security documentation) performs the day-to-day functions required to maintain an appropriate level of security to protect the system. This phase is ongoing while the system is in operation.

Change Control Board (CCB) - A formally constituted group of stakeholders responsible for reviewing, evaluating, approving, delaying, or rejecting changes to the project, with all decisions and recommendations being recorded.

Change Control System - A collection of formal documented procedures that define how project deliverables and documentation will be controlled, changed, and approved.

Change Management - The change management process establishes an orderly and effective practice that tracks the submission, coordination, review, evaluation, categorization, and approval for release of all changes to the baseline configuration.

Change Management Log - A tool used by project teams to document and track the resolution of change requests.

Change Request (CR) - A request to expand or reduce the project scope, modify policies, processes, plans, or procedures, modify costs or budgets, or revise schedules. Requests for a change can be direct or indirect, externally or internally initiated, and legally or contractually mandated or optional. Only formally documented requested changes are processed and only approved change requests are implemented.

Change Request Form - A form that is submitted to request a change.

Charter - See Project Charter

Chief Information Officer (CIO) - The Office of the Chief Information Officer advises the Secretary and the Assistant Secretary for Resources and Technology (ASRT) on matters pertaining to the use of information and related technologies to accomplish Departmental goals and program objectives. The mission of the Office is to establish and provide: Assistance and guidance on the use of technology-supported business process reengineering; investment analysis; performance measurement; strategic development and application of information systems and infrastructure; policies to provide improved management of information resources and technology; and better, more efficient service to our clients and employees.

CIO Council - The HHS CIO Council, a cross-OPDIV review committee comprised of the OPDIV CIOs and chaired by the HHS CIO, is responsible for reviewing the technical and managerial soundness of IT investments and providing technical recommendations to the ITIRB.

Classified Information/Material - Information that has been determined, pursuant to Executive Order 12958 as amended or any predecessor order, to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form. (Ref. EO12958 as amended)

Code of Federal Regulations (CFR) - A systematically arranged collection of laws and regulations.

Code System - A Code System is a controlled vocabulary. A Code System can either be standards based (i.e., SNOMED, LOINC) or non-standards based (i.e., a CDC defined Code System).

Commercial Item - Any item, other than real property, that has been sold, leased or licensed to the general public.

Commercial Off-the-Shelf (COTS) - COTS refers to a product available in the commercial market place. COTS products are sold to the general public in the course of normal commercial business operations at prices based on established catalog or market prices (Federal Acquisition Regulations). COTS products are delivered with pre-established functionality, although some degree of customization is possible.

Computer Match Agreement (CMA) - A Computer Match Agreement (CMA) is a written accord that establishes the conditions, safeguards, and procedures under which a Federal organization agrees to disclose data where there is a computerized comparison of two or more automated System of Records (SORs). In conjunction with a CMA, an Inter/Intra-agency Agreement (IA) is also prepared when the SOR(s) involved in the comparison are the responsibility of another Federal agency.

Commercial Off-the-Shelf Software (COTS) - Software or hardware products that are ready-made and available for sale to the general public.

Communication - A process through which information is exchanged among persons using a common system of symbols, signs, or behaviors.

Communication Management Plan - A document that describes: the communications needs and expectations for the project; how and in what format information will be communicated; when and where each communication will be made; and who is responsible for providing each type of communication.

Communication Planning - The process of determining the information and communications needs of the project and its stakeholders: who they are, what their level of interest and influence on the project is, who needs what information, when they will need it, and how it will be given to them.

Communication Security (COMSEC) - Measures taken to deny unauthorized persons information derived from telecommunications of the U.S. Government concerning national security, and to ensure the authenticity of such telecommunications. (COMSEC includes crypto-security, emission security, transmission security, and physical security of COMSEC material and information.) (Ref. NSA Manual 90-2)

Configuration Management - The process of identifying and defining configuration items in a system, recording and reporting the status of those items, requests for change, and verifying completeness. Typically, a configuration management system will control definable units such as files, requirements, documents, etc.

Configuration Item - An item that is part of the configuration management process and can be individually managed and versioned. Typically these are definable and include such items as files, requirements, documents, etc.

Constraint - A constraint is an applicable restriction or limitation, either internal or external to the project that will affect the performance of the project.

Contingency Plan - A documented, organized, planned, and coordinated course of action to be followed if an identified risk escalates into a project issue.

Contingency/Disaster Recovery Plan - The Contingency/Disaster Recovery Plan describes the strategy and organized course of action that is to be taken if things don't go as planned or if there is a loss of use of the established business product (e.g., system) due to a disaster such as a flood, fire, computer virus, or major failure. The plan describes the strategy for ensuring recovery of the business product in accordance with stated recovery time and recovery point objectives.

Continuity of Operations Plan - Mandated by Presidential Decision Directive (PDD) 67, Enduring Constitutional Government and Continuity of Government Operations, focuses on restoring essential functions at an alternate location and performing them for some time before returning to normal operations.

Continuity of Support Plan - Required by the Office of Management and Budget (OMB) Circular A-130, Appendix III, focuses on the capability of continuing support and service provided by major applications.

Contract - A mutually binding legal relationship obligating the seller to furnish the supplies or services and the buyer to pay for them. It includes all types of commitments that obligate the Government to an expenditure of appropriated funds and that, except as otherwise authorized, are in writing.

Contract Fund Status Report (CFSR) - A status report that provides investment and project managers with the following information necessary to: Update and forecast contract fund requirements; Plan and decide on funding changes; Develop fund requirements and budget estimates to support approved investments or projects; Determine funds in excess of contract needs and available for de-obligation; Develop rough estimates of termination costs; Determine if sufficient funds are available by fiscal year to execute the contract. Typically, the investment or project manager requires only the minimum data necessary for effective management control. The contracting officer and contractor negotiate reporting provisions in the contract, including level of detail and reporting frequency. In addition, the CFSR is not applied to Firm-Fixed Price contracts unless unusual circumstances dictate specific funding visibility.

Contract Officer - The Contracting Officer has the authority to enter into, administer, and/or terminate contracts and make related determinations and findings. The term includes certain authorized representatives of the contracting officer acting within limits of their authority as delegated by the contracting officer. The contracting officer and/or its representative is accountable for preparing solicitation documents with technical support from the Project Manager and acting on behalf of the Head of the Contracting Activity.

Contract Performance Report - The Contract Performance Report (CPR), a periodic Earned Value report, presents the cost, schedule, and performance data for the current period and cumulatively. Typically, the CPR presents costs organized by WBS element at a level pre-determined by the HHS IT Investment team, and includes explanations for cost and schedule variances that have exceeded thresholds and descriptions of contractor plans to resolve variance causes. For a description of this document and how it is used, see HHS-OCIO-2005.0004P, HHS OCIO IT Earned Value Management Processes and Procedures, December 30, 2005. Guidelines for tailoring the CPR are provided in Section 8.5-2, of the Earned Value Management Implementation Guide (EVMIG).

Control Phase - This phase of the CPIC process ensures that IT initiatives are developed and implemented in a disciplined, well-managed, and consistent fashion; that project objectives are being met; that the costs and benefits were accurately estimated; and that spending is in line with the planned budget. This promotes the delivery of quality products and results in initiatives that are completed within scope, on time, and within budget.

Cost Benefit Analysis (CBA) - The purpose of a CBA is to support better decision-making to ensure that resources are effectively allocated to support the agency's mission. The CBA should demonstrate that alternatives were considered and the chosen alternative is the most cost-effective within the context of budgetary and political considerations.

Crisis Communications Plan - Focuses on defining structures and methods focused on public outreach including procedures for collecting, screening, formatting, and disseminating information.

Critical Partner - The Critical Partners are functional managers in Enterprise Architecture, Security, Acquisition Management, Finance, Budget and Human Resources that participate in IT investment reviews and governance decisions to ensure compliance with policies in their respective areas and to make timely tradeoff decisions where conflicts arise during the planning and execution of an investment.

Customer/User - The person or organization that will use the project's product.

Cyber Incident Response Plan - Focuses on defining procedures to address cyber attacks.


D
Data Exchange - The movement of electronic information between computer software applications, either within an organization or between organizations.

Data Use Agreement - A Data Use Agreement (DUA) is a legal binding agreement between a Federal agency and an external entity (e.g., contractor, private industry, academic institution, other Federal government agency, or state agency), when an external entity requests the use of personal identifiable data that is covered by the Privacy Act of 1974. The agreement delineates the confidentiality requirements of the Privacy Act, security safeguards, and the Federal agency's data use policies and procedures. The DUA serves as both a means of informing data users of these requirements and a means of obtaining their agreement to abide by these requirements. Additionally, the DUA serves as a control mechanism through which the Federal agency can track the location of its data and the reason for the release of the data. A DUA requires that a System of Records (SOR) be in effect, which allows for the disclosure of the data being used.

Data Warehouse - A collection of data designed to support management decision making.

Decomposition - PMI PMBOK defines decomposition as a planning technique that subdivides the project scope and project deliverables into smaller, more manageable components, until the project work associated with accomplishing the project scope and providing the deliverables is defined in sufficient detail to support executing, monitoring, and controlling the work. This is known as the work package level and is the lowest level in the WBS.

Defect - An imperfection or deficiency in a project component where that component does not meet its requirements or specifications and needs to be either repaired or replaced.

Defect Management - The defect management process establishes an orderly and effective procedure that tracks the submission, coordination, review, evaluation, categorization, and resolution of defects for release to the baseline configuration.

Deliverable - Any unique and verifiable product, result, or capability to perform a service that must be produced to complete a process, phase, or project.

Demilitarized Zone (DMZ) - In computer networks, a DMZ is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network.

Deployment Plan - Describes the approach to be used to any unique and verifiable product, result, or capability to perform a service that must be produced to complete a process, phase, or project.

Design Document - The Design Document describes the technical solution that satisfies the requirements for the Business Product (e.g., system). Either directly or by reference to other documents, the Design Document provides a high-level overview of the entire solution architecture and data design, including external interfaces, as well as lower-level detailed design specifications for internal components of the Business Product that are to be developed.

Designated Approving Authority (DAA) - The senior management official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations, agency assets, or individuals.

Digital Certificate - An electronic means of establishing credentials when performing transactions over a network. It is installed on a user's personal computer and is a secure electronic identity that certifies the identity of the holder.

Disaster Recovery Plan - Focuses on defining procedures to recover from catastrophic events that deny access to normal operations for an extended period of time.

Disposition Plan - The Disposition Plan addresses how the various components of an operating Business Product (e.g., system) are to be handled at the completion of operations to ensure proper disposition of all the Business Product components and to avoid disruption of the individuals and/or any other Business Products impacted by the disposition. Includes the planning for the deliberate and systematic decommissioning of the asset with appropriate consideration of records management.

Duration - PMI PMBOK defines duration as the total number of work periods required to complete a schedule activity or WBS component, usually expressed as work days or work weeks.


E
Earned Value Management (EVM) - A management methodology for integrating scope, schedule, and resources, and for objectively measuring project performance and progress. Performance is measured by determining the budgeted cost of work performed (i.e. earned value) and comparing it to the actual cost of work performed (i.e. actual cost). Progress is measured by comparing the earned value to the planned value. Earned Value Management integrates the scope of work with schedule and cost elements for optimum planning and control. The qualities and operating characteristics of earned value management systems are described in American National Standards Institute (ANSI) /Electronic Industries Alliance (EIA) Standard-748-1998, Earned Value Management Systems.

Electronic and Information Technology - "Electronic and information technology" is a term used in the 1998 amendments to Section 508 of the Rehabilitation Act. The term is used to define the scope of products covered under Section 508. Electronic and information technology includes computer hardware and software, operating systems, web-based information and applications, telephones and other telecommunications products, video equipment and multimedia products, information kiosks, and office products such as photocopiers and fax machines. Informally, all of these devices are commonly referred to simply as "information technology," or "IT." However, from a legal standpoint, there was a need to expand upon an existing federal definition of information technology, while maintaining consistency with that early definition.

Electronic Data Interchange (EDI) - The transfer of data between different companies using networks, such as the Internet.

Element - A piece of data within a document. Within the WBS an element is one box, at any level, of the WBS.

Enterprise Architecture (EA) - Enterprise Architecture is a strategic information asset base which defines business mission needs, the information content necessary to operate the business, the information technologies necessary to support business operations, and the transitional processes necessary for implementing new technologies in response to changing business mission needs. Enterprise architecture includes baseline architecture, target architecture and a sequencing plan.

Enterprise Architecture Framework - An EA Framework is a logical structure for classifying and organizing complex information. It provides consistent EA terminology between program and IT activities, improves traceability, and identifies system commonalities.

Enterprise Architecture Review Board (EARB) - The CDC EARB monitors and advises CDC on EA. Membership includes representatives from the CC/COs and NCs, including portfolio managers and system stewards, and representatives from related technical areas, i.e. program operations, data management, security, records management, and business advisors.

Enterprise Performance Life Cycle (EPLC) - The EPLC is a framework to enhance IT governance through rigorous application of sound investment and project management principles and industry best practices. The EPLC provides the context for the HHS IT governance process and describes interdependencies between its project management, investment management, and capital planning components. The EPLC is comprised of 10 phases – from initiation through disposition – and identifies the activities, roles and responsibilities, Stage Gate Reviews, and exit criteria for each phase. The EPLC framework complies with federal regulations and policies, industry best practices, and HHS policies and standards.

Evaluation Phase - This phase of the CPIC process involves comparing actual to expected results once an IT investment has been implemented; evaluating “mature” systems on their continued effectiveness in supporting mission requirements, and evaluating the cost of continued support or potential retirement and replacement.

Executive Milestone - A significant accomplishment or event in the project scope, such as completion of a major deliverable (e.g., product releases, user acceptance).


F
- The single government point-of-entry (GPE) for federal government procurement opportunities over $25,000. It is a portal through which commercial vendors seeking federal markets for their products and services can search, monitor and retrieve opportunities solicited by the entire Federal contracting community.

File Transfer Protocol - A software protocol for exchanging information between computers over a network.

Firm Fixed Price Contract (FFP) - A type of fixed price contract where the buyer pays the seller a set amount (as defined by the contract), regardless of the seller's cost.

Fixed Price or Lump Sum Contract - A type of contract involving a fixed total price for a well-defined product. Fixed price contracts may also include incentives for meeting or exceeding project objectives, such as schedule targets. The simplest form of a fixed price contract is a purchase order.

Function - The capability or behavior of a program, application, or system; the total set of its features, or "the things it can do".

Functional Manager - Someone with management authority over an organizational unit within a functional organization. The manager of any group that actually makes a product or performs a service. Sometimes called a line manager.

Functional Requirements - Functional requirements specify Business Product features and what the Business Product must do. They are directly derived from the objectives defined in the Project Management Plan. A functional requirement is a tangible service, or function, that the Business Product must provide and is a non-technical requirement. how the Business Product should behave. See also Non-functional Requirements.


G
Gantt Chart - A bar chart that depicts a schedule of activities and milestones. Generally activities (which may be projects, operational activities, project activities, tasks, etc.) are listed along the left side of the chart and the time line along the top or bottom. The activities are shown as horizontal bars of a length equivalent to the duration of the activity. Gantt Charts may be annotated with dependency relationships and other schedule-related information.

Goal - A one sentence definition of specifically what will be accomplished, while incorporating an event signifying completion.

Government Monitor - Government employee who provides the interface between the project team and the project sponsor.

Government Off-the-Shelf Software (GOTS) - GOTS refers to a product developed by or for a government agency and that can be used by another government agency with the product's pre-established functionality and little or no customization.


H
Health Level 7 (HL7) - Health Level Seven (HL7) is one of several American National Standards Institute-accredited Standards Developing Organizations (SDOs) operating in the healthcare arena. HL7 standards are the generally accepted prevailing industry standards for communicating clinical and laboratory data in the form of electronic messages. DHHS has mandated that partners adopt HL7 for electronic information exchange.


I
Implementation Plan - The Implementation Plan describes how the business product will be installed, deployed, and transitioned into the operational environment.

Independent Verification & Validation (IV&V) - IV&V is a process employing rigorous methodologies for evaluating the correctness and quality of the product, conducted by personnel not directly engaged in the development of the product. IV&V is a way to ensure that the Business Product is developed in accordance with customer requirements, and that the product is well-engineered. Validation is concerned with checking that the product meets the user needs; Verification is concerned with checking that the product is well engineered. This is sometimes expressed as "Are we building the right product (or system)?" and "Are we building the product (or system) right?" Therefore, IV&V typically performs in-depth technical analyses of the products and the processes of system development. IV&V advises the customers when signs of problems begin to emerge so that the customer can make plans to deal with the situations.

Influencer - People or groups that are not directly related to the project but, due to their position with the customer or performing organization, can influence the course of the project.

Information in Identifiable Form (IIF) - Information in an IT system or online collection that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or may be used by an agency in conjunction with other data elements to identify specific individuals, i.e., indirect identification (these data elements may include a combination of gender, race, birth date, geographic indicator and other descriptors).

Information System Security (INFOSEC) - Protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users, including those measures necessary to detect, document and counter such threats.

Information System Security Officer (ISSO) - An individual at each NC who is responsible for the security of the IT systems developed within their NC, including the security certification and accreditation of those systems.

Information Technology (IT) - Information technology, as defined by the Clinger-Cohen Act of 1996, sections 5002, 5141, and 5142, means any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. For purposes of this definition, equipment is “used” by an agency whether the agency uses the equipment directly or it is used by a contractor under a contract with the agency that (1) requires the use of such equipment or (2) requires the use, to a significant extent, of such equipment in the performance of a service or the furnishing of a product. Information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. It does not include any equipment that is acquired by a Federal contractor incidental to a Federal contract.

Information Technology (IT) Governance - The IT governance organization at HHS and at each OPDIV is responsible for ensuring that investments are technically sound, follow established IT investment management practices, and meet the Business Owner's needs. Components of the IT governance organization are the ITIRB, the CIO Council (Technical Review Board at the OPDIV level), the Chief Information Officer, and CPIC Manager.

Information Technology (IT) Governance Organization - The IT governance organization at HHS and at each OPDIV is responsible for ensuring that investments are technically sound, follow established IT investment management practices, and meet the Business Owner's needs. Components of the IT governance organization are the ITIRB, the CIO Council (Technical Review Board at the OPDIV level), the Chief Information Officer, and CPIC Manager.

Information Technology (IT) Investment - An organizational investment employing or producing IT or IT-related assets. Each investment has or will incur costs for the investment, has expected or realized benefits arising from the investment, has a schedule of project activities and deadlines, and has or will incur risks associated with engaging in the investment.

Information Technology Investment Review Board (ITIRB) - The ITIRB is a cross-functional executive review committee responsible for overseeing the management of the HHS IT portfolio, approving and prioritizing IT investments to best achieve HHS strategic goals and objectives, and leveraging opportunities for collaboration across HHS OPDIVs on IT investments that support common lines of business. The HHS ITIRB shall ensure that the HHS IT investment portfolio is of the highest quality and meets the business needs of the Department in the most effective and efficient manner.

Information Technology Services Office (ITSO) - The Information Technology Services Office is located within the Office of the Director, Office of the Chief Operating Officer (OCOO), and is responsible for the Agency's IT infrastructure (e.g., networks, remote access, laptops, computers, email, video conferencing).

Information Technology (IT) Portfolio - The combination of all IT assets, resources, and investments owned or planned by an organization in order to achieve its strategic goals, objectives, and mission.

Information Technology (IT) Project - A project is a temporary planned endeavor funded by an approved information technology investment; thus achieving a specific goal and creating a unique product, service, or result. A project has a defined start and end point with specific objectives that, when attained, signify completion.

Integrated Baseline Documentation - Performance Measurement Baseline (PMB) documents, such as the Work Breakdown Structure (WBS), the WBS Dictionary, the Responsibility Assignment Matrix, Investment schedules, Control Account Plans, and Work Authorization Document. For a description of these documents and the Integrated Baseline Review (IBR) process and procedures, see HHS-OCIO-2005.0004P, HHS OCIO IT Earned Value Management Processes and Procedures, December 30, 2005.

Integrated Baseline Review (IBR) - The newest form of the Department of Defense C/SCSC verification review process in which the technical staff lead the effort to verify that the entire project baseline is in place, together with a realistic budget to accomplish all planned work.

Integrated Change Control - The process of reviewing all change requests, approving changes and controlling changes to deliverables and organizational process assets.

Integrated Contracts Expert (ICE) - CDC's acquisition management system that manages all procurement activities from initiating a procurement request to closing it out. It is the standard tool for simplified acquisitions and large procurements.

Integrated Project Team - The IPT is established by the manager of each IT investment with technical and critical partner expertise appropriate to the size, complexity and operational requirements of the investment. An IPT typically shall consist of representatives from the business office, including any applicable subject matter experts, technical IT staff, budget, acquisition, security, and EA.

Integration Management - The processes and activities needed to identify, define, combine, unify, and coordinate the various processes and project management activities.

Integrity - In terms of data and network security, integrity is the assurance that information can only be accessed or modified by those authorized to do so. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices.

Interface Control - An interface, from the perspective of system development, can be identified as any point where a system and something, or someone, meet. This interface point may include other systems, internal hardware, circuitry, external peripherals, networks, system users, etc. For example, common interfaces for peripherals may include USB, serial, parallel ports, etc; common interfaces for system users may include monitors, keyboards, mice, etc.

Interface Control Document (ICD) - Describes the system's interfaces as well as any rules for communicating with them. ICDs help assure compatibility between system segments and components. The purpose of the ICD is to clearly communicate all possible inputs and outputs from a system for all potential actions whether they are internal to the system or transparent to system users.

International Merchant Purchase Authorization Card (IMPAC) - US Bank Government-wide purchase card used by designated employees for micro-purchases from mandatory sources or commercial vendors.

Investment Manager - The Investment Manager is responsible for planning and executing the investment to achieve approved baselines. The IM may or may not be a subject matter expert in the business area supported by the investment.

Investment Owner - The Investment Owner is the person in management, often a Branch Chief or someone they have designated, who is responsible for the project in its entirety. The Investment Owner is also responsible for keeping the project ESC data up to date, including ensuring that the correct project team members are listed and that they are aware of and have accepted their roles.

Issue - An obstacle to project success that needs to be resolved in order for the project to achieve its intended outcomes.

Issue Log - A tool used by project teams to document and to monitor the resolution of issues.

Issue Management - Issue management is the process of identifying and documenting issues, reviewing and carefully considering all relevant information, and then resolving them.

Issue Owner - The individual responsible for resolving an issue by a particular target date. The issue owner is in charge of minimizing any impact the issue may have on the project.

IT Investment - Any expenditure that is applied toward information technology.

IT System - A system that stores, analyzes, processes, manages, distributes, and/or provides access to electronic data and/or information.


J
Justification for Other than Full and Open Competition - A written justification required when procuring, by means of a contract with a value in excess of $100,000, from a specific source or a specific brand without full and open competitive procedures.


K
Key Performance Indicators (KPI) - Measurable indicators, chosen to reflect the critical success factors of the project, that will be used to report progress.


L
Lag - PMI PMBOK defines schedule lags as a modification of the relationship of schedule activities that allows a delay of the successor activity. For example, in a finish-to-start dependency with a two-day lag, the successor activity cannot start until two days after the completion of the predecessor activity.

Leads - PMI PMBOK defines schedule leads as a modification of the relationship of schedule activities that allows an acceleration of the successor activity. For example, in a finish-to-start dependency with a two-day lead, the successor activity can start two days prior to the completion of the predecessor activity.

Learning Objective - What trainees will be able to do upon completion of the training program.

Lessons Learned - A Lessons Learned session is typically a large meeting of project participants to discuss project outcomes. The meeting attendees include the Project Team, selected stakeholders, Executive Management, and Maintenance & Operation Staff. A Lessons Learned session provides official closure to a project. It also provides a forum for public praise and recognition of project success, and offers an opportunity to discuss ways to improve processes and procedures for future projects.

Level of Effort (LOE) - Support-type activity (e.g. seller or customer liaison, project cost accounting, project management, etc) that does not readily lend itself to measurement of discrete accomplishment. It is generally characterized by a uniform rate of work performance over a period of time determined by the activities supported.


M
Meeting Minutes - Meeting Minutes are a written record of what transpired during a meeting. Meeting minutes provide the purpose of a meeting, list of attendees, topics discussed, decisions made, the status of actions from previous meeting, new action items and the individuals assigned responsibility for the actions.

Memorandum of Understanding (MOU) - See Service Level Agreement (SLA)

Microsoft Project Server - A Microsoft application which stores project information in a central database, protected from unauthorized access and corruption. A Project Administrator can control security by defining users and access rights.

Micro Purchase - In accordance with the Federal Acquisition Streamlining Act (FASA) of 1994, a micro-purchase is defined as a purchase of supplies or services for which the aggregate amount does not exceed $2,500, except in the case of construction where the limit is $2,000. A micro-purchase is a type of Simplified Acquisition.

Milestone - A significant point or event in the project.

Mitigation - Mitigation efforts attempt to prevent risks from developing into issues, or to reduce the effects of risks when they occur.


N
Non-Functional Requirements - Non-functional requirements specify the criteria that are used to judge the operation of a Business Product, rather than specific behaviors (in contrast to functional requirements, which describe behavior or functions). Typical non-functional requirements are reliability, scalability, accessibility, performance, availability, and cost. Other terms for non-functional requirements are “constraints”, “quality attributes”, and “quality of service requirements”. Non-functional requirements also specify the laws, regulations, and standards with which the Business Product must comply.


O
Object Identifier (OID) - An Object Identifier (OID) is a unique number that identifies an object class or attribute in a directory service. Object Identifiers are established by issuing authorities. An object identifier is represented as a hierarchical dotted decimal string (e.g., ""). Each coding system and value set is assigned an Object Identifier. OIDs are used for three purposes: 1. Identification of Vocabulary items – Code Systems and Value Sets 2. Identification of Identifier Namespaces used in Public Health – Case IDs, Specimen IDs, Result IDs, etc. 3. Identification of Well Known Objects – Messaging Partners, Physical Locations, etc.

Occupant Emergency Plan - Focuses on providing response procedures for occupants of a facility in the event of a potential threat to the health and/or safety of personnel, environment, or property.

Operation and Maintenance Manual - The Operations & Maintenance Manual clearly describes the Business Product that will be operating in the production environment and provides the operations and support staff with the information necessary to effectively handle routine production processing, ongoing maintenance, and identified problems, issues, and/or change requests.

Office of the General Counsel (OGC) - Supports the development and implementation of the Department's programs by providing the highest quality legal services to the organization's various agencies and divisions.


P
Period of Performance - The time interval of contract performance that includes the effort required to achieve all significant contractual schedule milestones.

Periodic Investment Status Report - The Periodic Status Report describes work accomplished as of the reporting period, work planned for the next reporting period, and any issues that require management attention. The status report also typically includes investment cost and schedule data for the reporting period and cumulatively.

Performing Organization - The enterprise whose employees are most directly involved in performing the work of the project.

Plan of Action and Milestones - The agency's primary management tool for tracking the mitigation of its IT security program and system level weaknesses.

Portfolio Management - The centralized management of one or more portfolios, which includes identifying, prioritizing, authoring, managing, and controlling projects, programs, and other related work, to achieve specific strategic business objectives.

Privacy Impact Assessment (PIA) - Based on the initial FIPS 199 categorization and the identification of the need or potential to collect Privacy Act data/information, the assessment required by the Privacy Act and/or E-Government Act of 2002, conducted on investments before developing or procuring information technology that collects, maintains, or disseminates personal information in identifiable form. A PIA is an agency review of how collected information is handled and protected in a manner consistent with Federal standards for privacy and security. The PIA determines what kind of information in identifiable form is contained within a system, what is done with that information, and how that information is protected. Though the PIA specifically refers to "privacy", a PIA also typically covers confidentiality, access to data, and use of data.

Privacy Summary - Captures what type of information is collected and stored by an IT system, why the information is collected and what it is used for; IT system information from the PIA summary is rolled up and published by HHS for public view.

Procurement Requisition/Request - An electronic form generated in ICE used to initiate the procurement of supplies and services and request modifications to existing contracts and purchase orders.

Product - An artifact that is produced, is quantifiable, and can be either an end item in itself or a component item.

Program - A group of related projects managed in a coordinated way to obtain benefits and control not available from managing them individually. Programs may include elements of related work outside of the scope of discrete projects in the program.

Program Digital Certificate Administrator (PDCA) - The person designated by the Business Steward of the program data system, who is responsible for granting access to the program's data and activities. When a person requests access to a program's application or service residing within the SDN, the SDN will contact the PDCA to validate whether the requestor should be given access to the requested program activity.

Program Manager - The person responsible for managing the project.

Program Management - The centralized coordinated management of a program to achieve the program's strategic objectives and benefits.

Program Management Office - Architect and includes CDC system architects and contract staff. Membership may fluctuate based on the current phase of EA implementation. The CDC EA PMO provides the following: Develops and implements a high-level project management framework to support the EA project portfolio; Facilitates the consistent collection and publishing of project metrics and status reporting for all major projects under the EA implementation umbrella; Evaluates and manages risks related to projects, people, program/business, and technology; Manages the configuration management process, which includes changes to EA products, tools, methods, processes, and technologies.

Programmatic Records - Records which are unique to the function and mission of specific federal agencies.

Project - A project is a temporary planned endeavor funded by an approved investment; thus achieving a specific goal and creating a unique product, service, or result. A project has a defined start and end point with specific objectives that, when attained, signify completion.

Project Archive - Project Archives preserve vital information, including both documentation of project execution and the data from the production system.

Project Charter - The Project Charter formally authorizes a project, describes the business need for the project and the product to be created by the project. It provides the project manager with the authority to apply up to a certain level of organizational resources to project activities.

Project Completion Report - The Project Completion Report describes any differences between proposed and actual accomplishments, documents lessons learned, provides a status of funds, and provides an explanation of any open-ended action items, along with a certification of conditional or final closeout of the development project.

Project Contingency Budget - A percentage of the project's total cost, budget, schedule, duration, etc. to account for any unforeseen events that may be incurred after the project begins.

Project Coordinator - Works with internal and external parties helping to coordinate various project related items such as schedules and activities, placing orders for supplies and services, and tracking progress and results. Often reports to product development, project management, or marketing executives.

Project Management - The application of knowledge, skills, tools and techniques to project activities to meet the project requirements.

Project Management Institute (PMI) - The American professional body for project managers.

Project Management Plan - The Project Management Plan (PMP) is a dynamic, formal, approved document that defines the overall plan for how the project will be executed, monitored, and controlled. It may be summary or detailed and may be composed of one or more subsidiary management plans and other planning documents. The main objective of the PMP is to document assumptions and decisions for how the project is to be managed, to help in communication between all of the concerned parties and to document the scope, costs and time sequencing of the project.

Project Management Professional (PMP) - A person certified as a PMP by the Project Management Institute.

Project Management Team - The members of the project team who are directly involved in project management activities.

Project Manager (PM) - The person assigned by the performing organization to achieve the project objectives. The Project Manager is responsible for project performance in relation to approved cost, schedule and performance baselines. The PM maintains information on project status, control, performance, risk, corrective action and outlook. This person is accountable to the Business Owner for meeting business requirements and to IT governance for meeting IT project management requirements. The PM shall develop the business case in conjunction with the Business Owner to clearly define and capture business need requirements, conduct project planning to adequately define and execute the tasks required to meet approved cost, schedule and performance baselines and conform to HHS policies that apply to IT projects. Project Managers shall be responsible for timely reporting of significant variances from approved baselines and providing corrective action plans or rebaselining proposals as appropriate.

Project Milestone - Milestones which, while not executive in nature, are important events and accomplishments involved in achieving the project's stated outcome(s).

Project Officer - A program representative responsible for coordinating with acquisition officials on projects for which contract support is contemplated. This representative is responsible for technical monitoring and evaluation of the contractor's performance after award.

Project Process Agreement (PPA) - The Project Process Agreement (PPA) is used to authorize and document the justifications for using, not using, or combining specific Stage Gate Reviews and the selection of specific deliverables applicable to the investment/project, including the expected level of detail to be provided.

Project Portfolio - The constituent projects within a program.

Project Schedule - The planned dates for performing schedule activities and the planned dates for meeting schedule milestones. The project schedule is developed so that tasks and milestones are clearly defined. It is updated regularly to identify IT investment elements that are behind as well as those ahead of schedule. The project schedule maps directly to the WBS, providing the investment management team with a single point of reference for all activities. Contract DID elements for a project schedule are provided in HHS-OCIO-2005.0004P, HHS OCIO IT Earned Value Management Processes and Procedures, December 30, 2005.

Project Scope - The work that must be performed to deliver a product, service, or result with the specified features and functions.

Project Status Report - A report on the status of accomplishments and any variances to spending and schedule plans.

Project Team - The group that is performing the work of the project.

Prototyping - The construction of a partial system to demonstrate some aspect or aspects of the intended system behavior in order to gain user acceptance or to establish technical feasibility.

Public Health Information Network Messaging System (PHIN MS) - Public Health Information Network Messaging System (PHIN MS) is an application used to securely transmit PHIN messages over the Internet.

Public Health Information Network Vocabulary Access and Distribution System (PHIN VADS) - The PHIN Vocabulary Access and Distribution System (PHIN VADS) is a set of tools within the PHIN VS that enables CDC and its partners to access, distribute, store, and manage vocabularies within and between applications.

Public Health Information Network Vocabulary Services (PHIN VS) - PHIN Vocabulary Services provides a coordinated system for registering, identifying, mapping, authoring, and editing standards-based vocabularies for CDC and PHIN partner applications.


Q
Quality Assurance (QA) - The process of evaluating overall project performance on a regular basis to provide confidence that the project will satisfy the relevant quality standards.

Quantitative Analysis - Quantitative Analysis is often performed on risks that have been prioritized by the Qualitative Risk Analysis process. It analyzes the effect of those risk events and assigns a numerical rating to those risks. When complete, it also presents a quantitative approach to decision making when uncertainty arises.

Qualitative Analysis - It assesses the priority of identified risks using their probability of occurring, the corresponding impact on project objectives, as well as other factors such as the time frame and risk tolerance of the project constraints of cost, schedule, scope, and quality.


R
Rational Unified Process (RUP) - A software development methodology from Rational. Based on UML, RUP organizes the development of software into four phases, each consisting of one or more executable iterations of the software at that stage of development.

Records Control Schedule - Describes (1) length of time each document or record will be retained as an active record, (2) reason (legal, fiscal, historical) for its retention, and (3) final disposition (archival or destruction) of the record.

Records Management - Records Management consists of the planning, controlling, directing, organizing, training, promoting, and other managerial activities involved in records creation, maintenance and use, and disposition in order to achieve adequate and proper documentation of the policies and transactions of the Federal Government and effective and economical management of agency operations (44 U.S.C. 2901).

Request for Contract (RFC) - A formal document submitted by the Project Officer to PGO to begin preparing a request for proposals.

Request for Proposal (RFP) - A type of procurement document used to request proposals from prospective sellers of products or services. In some application areas, it may have a narrower or more specific meaning.

Request for Task Order (RTO) - A formal document submitted by the Project Officer to PGO to begin preparing the task order proposal.

Request for Task Order Proposal (RTOP) - A document used by PGO to solicit quotes, offers or proposals for the Task Order.

Requirement - A condition or capability that must be met or possessed by a system, product, service, result, or component to satisfy a contract, standard, specification, or other formally imposed documents. Requirements include the quantified and documented needs, wants, and expectations of the sponsor, customer, and other stakeholders (PMI PMBOK). Requirements specify what should be produced. They are descriptions of either how the Business Product should behave (functional requirements), or of how the Business Product must comply with laws, regulations, and standards (non-functional requirements).

Requirement Document - The Requirements Document describes both the project and product requirements. It outlines the technical, functional, performance and other requirements necessary to deliver the end business product.

Requirement Traceability - Requirements tracing is a practice more specific to systems development and is defined as the ability to describe and follow the life of a requirement, in both a forward and a backward direction through the entire project's life cycle. Requirements tracing captures all levels of requirements and helps ensure that the project meets client expectations.

Resource - Skilled human resources (specific disciplines either individually or in crews or teams), equipment, services, supplies, commodities, materiel, budgets or funds.

Risk - A risk is defined as an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives. An uncertain event that may affect the performance objectives (i.e., cost, schedule, scope or quality) of an investment, usually negatively.

Risk Management - An approach for addressing the risks associated with an investment. Risk management includes identification, analysis, prioritization, and control of risks. Especially critical are those techniques that help define preventative measures to reduce the probability of these factors occurring and identify countermeasures to successfully deal with these constraints if they develop.

Risk Response Planning - The process of developing options and actions to enhance opportunities and to reduce threats to project objectives. Risk response actions may include mitigation, contingency, transfer, avoidance, and acceptance.

Risk Symptom - The unwanted effect of a risk, a change from what would normally be experienced.

Risk Trigger - An identified event that sets off the execution of a risk's contingency plan.

Rough Order of Magnitude (ROM) - Cost and schedule estimates based on high-level requirements, and an overall prediction of work to be done to satisfy those requirements. Typically, ROM estimates are based on approximate cost models or expert analysis, and presented as a range.

Run Book - A customized operations guide for a project developed by the MTDC team and the project team. It includes procedures for the routine and exceptional operation of the system. This information is specific to the project's operations and is communicated to system operators.


S
Schedule Activities - Work defined to a level that can be estimated, scheduled, executed, and monitored and controlled.

Schedule Activity - Schedule activities are decomposed from Work Breakdown Structure (WBS) work packages and have an estimated duration, cost, and resource requirements.

Schedule Diagramming - PMI PMBOK defines schedule diagramming as a scheduling network technique in which schedule activities are represented by nodes. Schedule activities are graphically linked to illustrate the relationship between sequenced activities and the order in which they are to be performed.

Schedule Lag - PMI PMBOK defines a schedule lag as a modification of the relationship of schedule activities that allows a delay of the successor activity. For example, in a finish-to-start dependency with a two-day lag, the successor activity cannot start until two days after the completion of the predecessor activity.

Schedule Leads - PMI PMBOK defines a schedule lead as a modification of the relationship of schedule activities that allows an acceleration of the successor activity. For example, in a finish-to-start dependency with a two-day lead, the successor activity can start two days prior to the completion of the predecessor activity.

Schedule Milestone - See Milestone

Section 508 - Section 508 refers to Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. 794d), which requires Federal agencies to develop, procure, maintain, or use electronic and information technology that is accessible to Federal employees and members of the public with disabilities.

Security Accreditation - Provides the necessary security authorization of an information system to process, store, or transmit information that is required. This authorization is granted by a senior organizational official and is based on the verified effectiveness of security controls to some agreed level of assurance and an identified residual risk to agency assets or operations.

Security Categorization - Characterization of information or an information system based on an assessment of the potential impact (low, medium, high) that a loss of confidentiality, integrity, or availability of such information or information system would have on the organization's operations, assets, or individuals.

Security Certification - Ensures that security controls are effectively implemented through established verification techniques and procedures, and gives organization officials confidence that the appropriate safeguards and countermeasures are in place to protect the organization's information systems. Security certification also uncovers and describes the known vulnerabilities in an information system.

Security Controls - The management, operational, and technical safeguards or countermeasures prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Management controls focus on the management of risk and information system security. Operational controls are primarily implemented and executed by people as opposed to systems. Technical controls are primarily implemented and executed by the information system through mechanisms contained in hardware, software or firmware components.

Security Risk Assessment (SRA) - A Security Risk Assessment will document the analysis of the security functional requirements and will identify the protection requirements for the system using a formal risk assessment process. The risk assessment includes the identification of threats to and vulnerabilities in the information system; the potential impact or magnitude of harm that a loss of confidentiality, integrity, or availability would have on agency assets or operations; and the identification and analysis of security controls for the information system.

Security Steward - The person who is formally designated as the ombudsman for information protection and systems security for the system. The security steward is someone other than the business steward and the technical steward.

Select Phase - This phase of the CPIC process ensures that IT investments are chosen that best support the Agency's mission and align with HHS' approach to enterprise architecture.

Sensitive Compartmented Information (SCI) - Classified information concerning or derived from intelligence sources, methods, or analytical processes, which is required to be handled exclusively within formal control systems established by the Director of Central Intelligence. (Ref DCID 6/9)

Sensitive Compartmented Information Facility (SCIF) - An accredited area, room, or group of rooms, building, or installation where SCI may be stored, used, discussed, and/or electronically processed. (Ref. DCID 6/9)

Service Level Agreement (SLA) and/or Memorandum of Understanding (MOU) - A Service Level Agreement (SLA) is a contractual agreement between a service provider and its customer specifying performance guarantees with associated penalties should the service not be performed as contracted. A Memorandum of Understanding (MOU) is a legal document that outlines the terms and details of an agreement between parties, including each party's requirements, responsibilities and period of performance.

Simplified Acquisition Procedures (SAP) - Streamlined acquisition methods described in FAR Part 13 for the purchase of supplies, services or equipment costing between $2501 and $100,000.

Sole Source Justification - A justification required when any acquisition over $2,500 must be obtained from a specific source or a specific brand without full and open competitive procedures.

Solicitation - Any request to submit offers or quotations to the Government.

Solution - A comprehensive architectural response to a business problem. Solutions address all layers of the Enterprise Architecture - strategy, business, data, applications and technology/security.

Sponsor - The person or group that provides/authorizes the resources for the project.

Stage Gate - Phase-driven go/no-go decision points where EPLC activities are reviewed to ensure that appropriate OMB and HHS requirements are observed. A system cannot proceed without a “go” decision by the appropriate senior manager for the specific control gate.

Stakeholder - A person or organization that is actively involved in the project, and/or that could positively or negatively impact the achievement of the project objectives, and/or whose interests may be positively or negatively affected by the execution or completion of the project.

Statement of Work (SOW) - A narrative description of products, services, or results to be supplied.

Stakeholders - The people or groups that have a vested interest in the outcome of the project.

Steering Committee - A group of people responsible for providing guidance on overall strategic direction.

Strengths, Weaknesses, Opportunities, and Threats (SWOT) Analysis - This information gathering technique examines the project from the perspective of each of the project's strengths, weaknesses, opportunities, and threats to increase the breadth of the risks considered by risk management.

Subject Matter Expert (SME) - An expert in some aspect of the project's content expected to provide input to the project team regarding business, scientific, engineering or other subjects. Input may be in the form of requirements, planning, resolutions to issues and/or review of project results.

System of Record (SOR) - The Privacy Act defines a SOR as a group of any records under the control of a Federal agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. Additionally, the Privacy Act requires that the Federal government inform the public of any collection of information about its citizens from which data are retrieved by a unique identifier as described above.

System of Record Notice (SORN) - The Privacy Act defines a System of Record (SOR) as a group of any records under the control of a Federal agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual. Additionally, the Privacy Act requires that the Federal government inform the public of any collection of information about its citizens from which data are retrieved by a unique identifier as described above. The System of Record Notice (SORN) fulfills this requirement to inform the public via the publication of a system notice in the Federal Register. This notice describes the SOR and gives the public an opportunity to comment. Without the written consent of the subject individual, the Privacy Act prohibits the release of protected information maintained in a SOR unless one of the 12 defined disclosure exceptions is applicable.

System Owner - A Government FTE responsible for: 1.) Working with ISSOs, CIOs or other staff to provide information relative to completing PIAs; 2.) Identifying any additional resources needed to complete PIAs; 3.) Determining whether the security controls that protect systems are adequate for operation; 4.) Considering security controls that protect the privacy of IFF in determining whether systems are allowed to operate.

System Security Plan (SSP) - The SSP describes managerial, technical and operational security controls (defined by the National Institute of Standards and Technology) that are designed and implemented within the system.


T
Task Order - An order for services placed against an established contract or with Government sources.

Technical Contact - Takes official and personal responsibility for monitoring the progress of the work order, for assuring the adequacy of the work performed, and for assuring the accuracy of any billings presented by the contractor.

Technical Evaluation Panel (TEP) - A panel responsible for evaluating technical proposals submitted by contractors in response to the RFP or RFTP released by PGO.

Technical Lead - A person with strong technical skills and incident response experience who assumes oversight of and final responsibility for the quality of the technical work that the entire incident response team undertakes.

Technical Monitor - Is responsible for monitoring and evaluating the performance of the Contractor; assisting the Project Officer with the review of invoices; and day-to-day interface with the Contractor to attain rated deliverables.

Technical Steward - The person responsible for the technical day-to-day aspects of the system as well as system development, typically information technology personnel. The technical steward is responsible for providing technical direction of the project, including software development standards and platforms.

Technology Services Executive (TSE) - A person who manages customer relationships with IT executives in the Coordinating Centers and NCs, providing the critical link between ITSO and the organization it supports.

Test Plan - The Test Plan defines the types of tests (e.g., unit, function, integration, system, security, performance (load and stress), regression, user acceptance, and/or independent verification and validation) to be carried out. The document describes the acceptance criteria for those tests, roles and responsibilities of individuals involved in the testing process, traceability matrix, resources required (hardware and software environments), and other elements relevant to test planning and execution. This plan details the manner of testing (test cases, simulation, etc.) of the integrated software/hardware system. It must include, as part of the main document or as a separate document, detailed Test Case Specifications that describe the purpose and manner of each specific test, the required inputs and expected results for the test, step-by-step procedures for executing the test, and the pass/fail criteria for determining acceptance.

Test Reports - Test Reports are completed at the end of each test to verify expected results. A summary report should be created at the end of the testing phases to document the overall test results. These reports summarize the testing activities that were performed, describe any variances between the expected test results and the actual test results, and include identification of unexpected problems and/or defects that were encountered.

Threshold - The level at which an event or change occurs.

Training Plan - The Training Plan describes the overall goals, learning objectives, and activities that are to be performed to develop, conduct, control, and evaluate instructions that are to be provided to users, operators, administrators, and support staff who will use, operate, and/or otherwise support the solution.

Training Materials - Training Materials include the documentation associated with the deployment of the Business Product or software. This includes instructor and student guides, audio-visual aids, and computer-based or other media used to disseminate information about the final product to the target audience that is in need of the instruction.

Thresholds - Risk thresholds define the boundaries of fluctuation allowed from expected levels to those defined as risk triggers.

Traceability - The degree to which a relationship can be established between two or more products of the development process, especially products having a predecessor-successor or master-subordinate relationship to one another (IEEE Standard Computer Dictionary).

Traceability Matrix - A matrix that records the relationship between two or more products of the development process; for example, a matrix that records the relationship between the requirements and the design of a given software component (IEEE Standard Computer Dictionary).

Training Goal - Overall purpose, results, or capabilities to be obtained upon successful execution and implementation of the project's training plan.

Triple Constraints - Analysis based on scope, time, and cost impact to the project. When managing competing requirements, evaluate how a change in one constraint affects one or both of the remaining two.


U
Use Case - A description of system behavior, in terms of sequences of actions. A use case should yield an observable result of value. A use case should contain all alternative flows of events related to producing the intended observable value.

User/Customer - The person or organization that will use the project's product.

User Manual - The User Manual clearly explains how a business user is to use the established Business Product from a business function perspective.


V
Vulnerability Assessment - A vulnerability assessment is an application-level analysis to determine what vulnerabilities exist within a system. It is an indirect part of the C&A process (see CDC UP Security Process Guide) that provides input into the C&A process and is considered in the overall analysis of risk for a given system.


W
Work Package - Project deliverables defined to a level that can support executing, monitoring, and controlling the work. The lowest level in the WBS.

Work Breakdown Structure (WBS) - A subdivision of the work for which the project is responsible, defined as hardware, software, and service elements and integrating effort, that provides a framework for planning, control, and reporting.

Work Flow - Order in which specific work is performed. Often represented graphically.




Department of Health and Human Services, Centers for Disease Control and Prevention, 1600 Clifton Rd., Atlanta, GA 30333, USA
800-CDC-INFO (800-232-4636), TTY: (888) 232-6348, 24 Hours/Every Day
