Gain a practical approach, real-life insights, and expert guidance on scaling Government DevSecOps and Authority to Operate.
Part 1
Understanding the impact of traditional ATO
We’ll kick things off by looking at ATO functionality, emphasizing automation’s significance, and addressing challenges in shifting left. Additionally, we’ll touch on collaboration and the pivotal role of empathy in change management.
Part 2
Exploring the continuous ATO playbook
In the second part, we delve into the cATO manifesto and focus on prioritizing security, privacy, and compliance. Bryon proposes adopting smaller authorization boundaries for increased agility, emphasizing API-level authorization, and transitioning to ongoing authorization to fortify security.
Part 3
Integrating cATO into Government DevSecOps
Lastly, we’ll turn our attention to integrating cATO into DevSecOps, which involves forming cross-functional teams, using Just in Time Training, connecting authorization packages to infrastructure as code, and establishing a secure release pipeline.