MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS

SUBJECT: Continuous Authorization To Operate (cATO)

The Risk Management Framework (RMF) establishes the continuous management of system cybersecurity risk. Current RMF implementation focuses on obtaining system authorizations (ATOs) but falls short in implementing continuous monitoring of risk once authorization has been reached. Efforts in the Department are attempting to emphasize the continuous monitoring step of RMF to allow for continuous authorization (cATO). Real-time or near real-time data analytics for reporting security events is essential to achieve the level of cybersecurity required to combat today's cyber threats and operate in contested spaces.

The purpose of this memo is to provide specific guidance on the necessary steps to allow systems to operate under a cATO state. cATO represents a challenging but necessary enhancement of our cyber risk approach in order to accelerate innovation while outpacing expanding cybersecurity threats.

In order to achieve cATO, the Authorizing Official (AO) must be able to demonstrate three main competencies: On-going visibility of key cybersecurity activities insid