Security professionals must spend valuable time doing repetitive documentation tasks, rather than hunting for intruders on the agency’s networks or performing other proactive security missions.

Automated tools for authorization like CAIF gather the data and the evidentiary artifacts needed to demonstrate compliance and prepare them for export to systems of record or Information Assurance (IA) repository tools like eMASS, XACTA or CSAM.

A paper-based ATO typically takes six-to-nine months to complete for a Civilian agency, twice that in DoD. Compliance with multiple frameworks or standards, often with duplicative or overlapping requirements, must be diligently recorded. Many experts regard this as less than useful in a dynamic threat environment where new vulnerabilities are emerging, and patches for them are being released, on a weekly basis. Every agency has a slightly different procedure, but the end result is the same: a static snapshot of a system’s security at a single point in time. The paper-based ATO process is lengthy and laborious. The resulting bundle of paper goes to the Authorizing Official, who has to sign off - to issue the ATO - before the system can go live.

The challenges of paper-based ATO

For years agencies have relied on a cumbersome, paper-based process by which system owners manually document the security measures they have in place and demonstrate their compliance with relevant risk management, privacy, data security and other requirements.

The most powerful kinds of automation use artificial intelligence to reduce both the labor involved and the prevalence of errors in preparing an ATO - and they automate compliance, too.

Accenture’s Cyber Assurance Integration Framework, or CAIF, is a methodology and toolset that can enable automation for Continuous Authorization and ultimately improve agencies’ security and cyber assurance posture.

By automating Continuous Authorization, and integrating it with DevSecOps development pipelines, agencies can ensure that the modern, agile IT capabilities they’re deploying have security built in, not bolted on.

As the federal government moves ahead with IT modernization, it’s making an important change in the mechanism that ensures IT systems, apps and other assets are secure and that ongoing continuous authorization practices are implemented for obtaining and maintaining Authority to Operate (ATO).