2019 Government Innovation Awards
NGA speeds ATOs for low-risk systems
Anyone who has done business with the federal government knows how laborious it is to receive an authority to operate. That process can be even more cumbersome for contracts and projects in the intelligence community.
That reality spurred the Risk Management Division of the National Geospatial-Intelligence Agency to look for ways to streamline the assessment and authorization of their information systems. In 2018, the agency implemented a new policy that incorporates both waterfall and agile software development while automating parts of the ATO process and calculating risk scores that were tailored to evaluate readiness.
The division also reworked the National Institute of Standards and Technology’s Risk Management Framework to better group security and risk activities by areas of responsibility between the division and system operators.
Telos helped the agency automate parts of its ATO process, and Justin Ford, the company’s technical director for enterprise solutions, said the federal government has historically looked at governance versus compliance objectives as red tape. But “NGA looked at it a little bit differently, and rather than trying to make the RMF process simpler, they went even further and basically said: How can we make the RMF process support the mission…so you can get there not only faster but stronger and better?” Ford said.
NGA’s approach has received accolades from industry, dramatically shortened authorization for low-risk information systems and freed personnel to focus more on higher-risk systems. Under the new process, three out of every four projects have received an ATO within five weeks.
Connect with the GCN staff on Twitter @GCNtech.