备忘录持续授权运行(cATO).pdf
MEMORANDUM FOR SENIOR PENTAGON LEADERSHIP DEFENSE AGENCY AND DOD FIELD ACTIVITY DIRECTORS SUBJECT:Continuous Authorization To Operate(cATO)The Risk Management Framework(RMF)establishes the continuous management of system cybersecurity risk.Current RMF implementation focuses on obtaining system authorizations(ATOs)but falls short in implementing continuous monitoring of risk once authorization has been reached.Efforts in the Department are attempting to emphasize the continuous monitoring step of RMF to allow for continuous authorization(cATO).Real-time or near real-time data analytics for reporting security events is essential to achieve the level of cybersecurity required to combat todays cyber threats and operate in contested spaces.The purpose of this memo is to provide specific guidance on the necessary steps to allow systems to operate under a cATO state.cATO represents a challenging but necessary enhancement of our cyber risk approach in order to accelerate innovation while outpacing expanding cybersecurity threats.In order to achieve cATO,the Authorizing Official(AO)must be able to demonstrate three main competencies:On-going visibility of key cybersecurity activities insid
展开阅读全文
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 备忘录 持续 授权 运行 cATO
联参智库所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
关于本文