ACT-IAC white paper maps a path to FISMA's ATO

The ACT-IAC Cybersecurity Community of Interest unveiled a white paper introducing an operational maturity model to automate Authority to operate (ATO) processes, reports FedNewsNetwork The framework highlights leveraging open standards like OSCAL to reduce manual effort and improve cybersecurity.

Dan Jacobs of OPM emphasized challenges in dependencies, workforce training, and procurement integration. Colead Gaurav Pal described ATO-as-code as a crucial step toward continuous ATO. Agencies such as the Air Force and NGA have adopted similar approaches. This maturity model aims to standardize risk management automation across federal agencies, emphasizing actionable steps over reliance on proprietary tools.