Acquiring a Federal Authorization To Operate (ATO) is tedious, time-consuming, expensive and doesn’t necessarily enhance system security. Delays between when a system is created and when ATO controls are acquired/responded to/submitted lead to differences between what is reported and authorized and what exists at the system level. The big problem is: how do we connect the process of system development and maintenance with managing a control catalog, system component reporting, evidence collection and assessment, and have it be useful to both agency and system administrators?
We propose creating an OpenATO community to collaborate on constructing a framework, tools, documentation and templates to automate Federal system security compliance, from plan creation to component reporting, testing, and assessment – resulting in a standardized framework for developing shareable system security component structures and documention.
A place to manage the big picture of OpenATO. Product goals are tracked here while work-specific issues are tracked on the appropriate repo
Main website for OpenATO community | Open Source & Community Focus
Start here for all the information you need to understand how the OpenATO platform works, how to use it, and how to get the most out of it.
⚙ Geared For: Anyone who promotes, creates, or references OpenATO.
