The Department of Defense (DoD) recently called cATO the “gold standard” in cybersecurity. However, the current process for obtaining authorization to operate (ATO) is “point in time,” costly, and time consuming. Based on these issues, an alternative, continuous authority to operate (cATO), is gaining momentum. […]

A new memo from the Department of Defense (DoD) is encouraging the use of a continuous Authorization To Operate (cATO) under the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) – instead of a point-in-time ATO – to serve as the “gold standard” for systems’ cybersecurity risk management. […]

Categories