The Homeland Security Department is doing more than just writing policy to require reciprocity of cloud services among components.
DHS also is trying to streamline the approval process, which to many agencies is a time-consuming and arduous effort to meet the authority to operate (ATO) requirements.
Dr. John Zangardi, the DHS chief information officer, said he launched a new authority to proceed (ATP) process to help address the timeliness challenges without losing the necessary security rigor.
“Rather than waiting for us to deal with every vulnerability or risk that comes up with a particular application or system, we allow it, the system or application, to get on the network sooner. So as soon as we can find a way to mitigate the high vulnerabilities, let’s get it on the network. We can give it a year to clean everything up and mitigate it,” Zangardi said on Ask the CIO. “At the end of the year, if we did, we give it a regular ATO and put it into the continuous monitoring process and off it goes. We’ve done this in a way that hopefully will help us speed things up because that’s the key.”
DHS is…
