Accelerating the Authority to Operate Process with DevOps

Highlights from a Government Roundtable, hosted by ATARC in partnership with Cloudbees, March 2023

For Federal agencies, Continuous Authority to Operate (cATO) is a challenging, but necessary, approach to reduce cyber risk and accelerate innovation. To achieve cATO, agencies must produce real-time security data through continuous monitoring of risk management framework (RMF) controls that are embedded in the DevSecOps process.

At a recent roundtable discussion hosted by the Advanced Technology Academic Research Center (ATARC) in partnership with CloudBees, participants from various federal agencies shared their experiences with the ATO process, the role of an Authorizing Official (AO), as well as the challenges of transitioning to a continuous ATO model.