ATO in a Day
How quickly can the first five Risk Management Framework (RMF) steps be accomplished to obtain an Authorization to Operate (ATO)?
Jason Hess took the opportunity to reevaluate his agency’s RMF implementation. His “ATO in a Day” initiative equips organizations to deliver Authorizing Official (AO) approved software to the agency’s mission at a faster pace than had been previously possible. It is, of course, true that not all systems will be able to get AO approval in an actual 24-hour day. Even so, if implemented correctly, the ATO-in-a-Day process can, at the very least, considerably shorten the timeline required for acquiring an ATO.
This presentation will describe the modified assessment and authorization (A&A) process for getting applications to the cloud more quickly than had been possible in the past by leveraging DevOps and agile methodologies. It is an exciting process and one that could not have happened in the early days of computing because many initiatives and cultural changes had to happen first.
We are delighted to have Jason Hess volunteer to share his experience accelerating the A&A processes. He is the Director of Cloud Security at the National Geospatial-Intelligence Agency. He is architecting the agency’s “All In” the cloud transformation. This transformation initiative is moving the Geospatial mission to commercial cloud offerings. Mr. Hess brings nearly 20 years of experience delivering strategic IT/Cloud Cybersecurity solutions to the government. His passion for technology and ability to manage security risk has enabled organizations to utilize innovative and leading-edge technologies to meet national security goals.
As a valued thought leader, he guides organizations to leverage new and emerging technologies to become more adept at meeting national security objectives while balancing risks in rapidly changing conditions. He has created a vision with the explosion of the DevOps movement to have a 10X improvement in the A&A process, a process he calls “ATO in a Day”.
18 March 2017 ISSA NOVA RMF LifeBoat Group Partner Meeting Topic and Presenter
Mr. Hess evangelizes for a move toward a “security at the speed of mission” model where IT security professionals must become ever more agile, resilient, secure, and innovative to continue to face the emerging threats and meet mission objectives.
Everyone can easily get information for our RMF LifeBoat Group meetings and many other rewarding chapter activities by starting on our partner organization’s International System Security Association (ISSA) Northern Virginia (NOVA) chapter home page (google for ISSA NOVA). Please see the practical information for our LifeBoat group meeting and REGISTER SOONEST at https://www.meetup.com/NCR-Risk-Management-Framework-Lifeboat/ or by calling 703-402-4379.
********* WHERE/WHEN/PARKING for our 18 March meeting ********
Please note that we will be meeting at a different location from previous meetings. We are meeting at the Marshall High School Academy, 7731 Leesburg Pike, Falls Church, VA. This Fairfax County Public School is a designated Governor’s Science, Technology, Engineering and Mathematics (STEM) Academy. All students are encouraged to join us in our LifeBoat and help start our meetings. Student volunteers will give our friendly and interested LifeBoat group a short presentation on current cyber events of their choice. Everyone may bring their own snacks, lunch, and drinks to the “brunch lunch” 11am-1pm meeting. Some people also informally get together for an “after the meeting” lunch at different restaurants.
Besides earning Professional Development Units (PDUs) for participating in our ISSA NOVA chapter Partner meeting, we all receive the encouragement and help we need for our cyber security professional growth. The friendly interactive presentations by our members of the meetup always lead to lively, respectful discussions. Members always take away information that can be applied on the job in the following weeks! In addition, our LifeBoat group meetings provide opportunities for the all-important professional networking. If you have a vexing problem, share it with like-minded security professionals. They may have already successfully developed a way forward to resolve it.