Achieving Continuous Authority to Operate (ATO)
• Podcast
Publisher
Software Engineering Institute
Topic or Tag
Listen
Watch
Abstract
Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system’s security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar sit down with Suzanne Miller to discuss Continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
About the Speaker
Hasan Yasar
Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group in the SSD Division of the Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate, and assure transformation at the speed of relevance by leveraging DevSecOps, Agile, Lean AI/ML, and other emerging technologies to …
Read more
Shane Ficorilli
Shane Ficorilli is an SEI alumni employee.
Shane Ficorilli is a software engineer specializing in DevSecOps pipeline architecture and engineering in the SEI’s Software Solutions Division. Ficorilli has been with the SEI for six years, initially working on the Network and Infrastructure Engineering team in IT. Prior to joining the …
Read more