The Orion JK21 Collaboration for Agile ATO: OSCAL, SDP, TIC 3.0, SAF

In September 2019, ATARC launched several Cloud Computing Working Groups, each focusing on distinct areas of interest (e.g. cloud migration, cost modeling, cloud security, etc.). The Cloud Security working group representatives from private and public sector, proposed a proof of concept or pilot that aimed to demonstrate trending technologies and concepts applied to cloud environments:

(1) Zero-Trust Architectures (ZTA) and principles,

(2) DevSecOps’ integrated processes of development and operations,

(3) agile Authorizations to Operate (ATO) through automation of the assessment and authorization (A&A) process with NIST’s OSCAL and

(4) Trusted Internet Connection (TIC) 3.0 – network requirements.

The pilot was named Orion and in 2021 it became Orion JK21. The ORION JK21 team felt strongly that being able to provide a proof of concept for each of these emerging trends would move forward cloud security and compliance automation.

In this report, read about the results of the Orion JK21 Pilot Project.