|
|
|
|
|
|
by sailfast
3911 days ago
|
|
|
I'm not sure how this will expedite the ATO process as it uses technology that has not been STIG'd yet and may not have a "by the book" way to sign off (Docker, for instance, can be painful to ATO). EDIT: After viewing Noah's FISMA guidance vid (nice work) there is definitely possibility to expedite but to really grease things you'd want to create a certification arm within GSA that can sign off the risk or perform a "certified" risk assessment on behalf of the customer agency so you could do things your way while still allowing them to sleep at night. Once you get into sensitive data loads and non-public stuff people start to get even more risk averse. / End Edit That said, I'm hopeful that it does pave the way for change because this kind of platform is critical to reducing the barriers to experimentation in government. Perhaps because 18F is committing to supporting / upgrading the platform it will allow Federal CIOs and CISOs to shift some of the risk to 18F and sign the paperwork more quickly. |
|
|