The Air Force is about to join the still-small group of federal agencies who’ve found ways to dramatically accelerate the process of granting cybersecurity approvals for IT systems.
The Authority to Operate (ATO) process, a paperwork gauntlet that routinely consumes months of time before new systems are allowed to be connected to government networks, is a requirement of the Federal Information Security Management Act. FISMA tells CIOs they must know and accept the security risks each system carries with it.
But there’s no particular reason the system can’t work much more quickly, said Bill Marion, the Air Force’s acting CIO. Service officials are expected to sign off on a new “fast-track” ATO policy within a matter of days, he said.
“We fundamentally believe this is going to help us bring capability faster,” he said last week at AFCEA NoVA’s annual Air Force IT Day. “It will bring us software modernization at a faster clip, but also provide better security.”
Marion said the new policy won’t be appropriate for every IT system, but in some ways, it will turn the traditional ATO process on its head. Rather than…
