![Software Engineering Institute (SEI) Podcast Series artwork](https://is5-ssl.mzstatic.com/image/thumb/Podcasts113/v4/74/4c/20/744c209c-570e-f609-f4ab-23ad6c680dc8/mza_2854736445903420738.jpg/100x100bb.jpg)
Achieving Continuous Authority to Operate (ATO)
Software Engineering Institute (SEI) Podcast Series
English - November 24, 2020 23:24 - 33 minutes - 40 MB - ★★★★★ - 18 ratingsTechnology Science futuretech softwareengineering cybersecurity Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Challenging the Myth of the 10x Programmer
Next Episode: The CMMC Level 1 Assessment Guide: A Closer Look
Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system's security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar, both with the Carnegie Mellon University Software Engineering Institute, discuss continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.