Continual Authorization to Operate (cATO) Working Group

 

In a rapidly changing technical environment, it’s no secret that cybersecurity is more important than ever. External security requirements, tech refresh and tech insertions, and bad actors and threats are increasing every day, putting pressure on the traditional ATO processes and the tempo in which they are done.

 

The problem is clear: the RMF/ATO process simply takes too long. Agility is critical to implementing security measures and IT modernization, but the timeline for modernization and security upgrades continues to increase, and additional labor is not the answer.

 

Enter the continual ATO process, critical in compressing timelines and decreasing the effort brought on by thwarting cybersecurity threats, allowing for more frequent application and security updates and upgrades benefitting overall program modernization and security.

 

Charter
White Paper: Continual Authorization to Operate Working Group Roundtable
White Paper: cATO Working Group Concept PaperWhite Paper: CONOPS for Improving the RMF/ATO Process by Unifying the Selection, Implementation, and Continuous Monitoring of STIG/CIS Controls
White Paper: Continuous Authorization to Operate (cATO) Implementation PlaybookWhite Paper: Modernizing RMF for Continuous, Evidence-Based Security

Leadership Chairs:

Darren Death

Darren Death

Government Chair

EXIM

Brian Hajost

Brian Hajost

Industry Chair

SteelCloud