White Paper: CONOPS for Improving the RMF/ATO Process by Unifying the Selection, Implementation, and Continuous Monitoring of STIG/CIS Controls

ATARC cATO Working Group | October 2024

This white paper examines traditional techniques and offers a new approach to automating these controls.  In North America, there are two publishers of system-level policies, the DoD, which publishes the Security Technical Implementation Guides (STIGs), and the Center for Internet Security, which publishes the CIS Benchmarks.  This white paper will focus on STIGs since it is the predominant control set used in the federal government.