Cloud ATO Working Group
The purpose of the Cloud ATO Work Group is to convene subject matter experts to exchange information related to cloud security authorizations to operate (ATOs) including but not limited to the FedRAMP program.
ACT-IAC provides an objective, vendor-neutral forum that is uniquely equipped to help the government understand how to leverage and secure new technologies.
GSA’s Technology Transformation Services (TTS) helps agencies build, buy, and securely share technology that allows them to better serve the public. The FedRAMP Program Management Office (PMO) resides within TTS and provides a standardized approach to security and risk assessment to enable the adoption of secure cloud services.
As technology evolves and advances, it is clear that the traditional “authorization to operate” (ATO) model is becoming an increasing constraint on delivering better solutions to the public. ACT-IAC and TTS, informed by its FedRAMP expertise, agreed to establish a Cloud ATO Work Group to exchange information about the current state of authorizations and provide individualized experiences and insights about potential future paths for cloud ATO processes including:
- Collaboration: Exchange facts or information on innovations and best practices in the field of IT security and secure cloud authorizations;
- Perspective: Leverage insights from individual participants to inform the group as a whole with a particular focus on sharing facts and data; and
- Standards: Identify ways to streamline adherence to federal security standards.
Government and industry have a mutual interest in identifying key challenges with the ATO process and sharing expertise and experiences. Participants in the Cloud ATO Work Group will share ideas on how to improve security standards in ways that are aligned with best practices, helping reduce the time, cost, and complexity of the authorization process. In addition, given the ever-present cyber security threats and the rapid pace of technological change and developments, both groups would benefit from a mutual exchange of facts and information to ensure federal security standards, such as those enacted by NIST , can be met efficiently and effectively. ACT-IAC is establishing this work group to exchange information and provide TTS and its FedRAMP Program the opportunity to directly inform industry’s approach to security and cloud authorizations.
Roles and Responsibilities
The Work Group will:
- Ensure its activities are conducted in a manner consistent with the ACTIAC mission, vision, and principles; and
- Identify and assign willing, qualified volunteers to execute responsibilities and oversee results.
The Cloud ATO Work Group will follow COI operating principles including:
- Activities should advance and be determined by government need;
- Activities must be objective, ethical, and vendor neutral;
- No business development or promotion; and
- Transparent and open to all interested ACT-IAC members.
The Cloud ATO Working Group will operate under Community of Interest governance rules and procedures. It will report to the ACT-IAC Cybersecurity COI leadership.
Group Project Deliverables
|Deliverable Name||Deliveable Type||Expected/Actual Deliverable Completion|