KISSIMMEE, Fla. — In direct response to recent complaints from industry officials about how the authority to operate (ATO) process is hindering rapid technology and software innovation, Department of Defense leadership issued new guidance aimed at resolving risk management and cybersecurity reciprocity challenges.
Reciprocity essentially enables federal entities to reuse another internal or external organization’s assessments to share information — and ultimately reduce associated costs in time and investments that accompany approving IT systems to operate on the information networks.
During his keynote at the annual GEOINT Symposium on Wednesday, Pentagon Chief Information Officer John Sherman unveiled a new one-page memorandum signed by Deputy Defense Secretary Kathleen Hicks on May 2 that directs “testing re-use and reciprocity to be implemented [by DOD authorizing officials] except when the cybersecurity risk is too great.”
“This is coming from the deputy secretary on down that reciprocity should be a default. It should be the first choice as opposed to having to redo all the due diligence again. We’re trying to strike a balance in…
