
The Quest for Continuous ATO

By Rick Tracy •  June 18, 2018
NIST SP 800-53

Download the new case study from AWS and Telos featuring the U.S. Intelligence Community

The story of the Central Intelligence Agency turning to Amazon Web Services to build a dedicated cloud region for the U.S. Intelligence Community is fairly well known in government technology circles.

What isn’t as well known is how AWS was able to build an entire cloud environment — with advanced features like virtually unlimited capacity, auto scaling, instant provisioning, and fault isolation — that could also meet the IC’s strict security requirements without delaying its launch by months or years.

That story is now available in a concise four-page case study from Telos Corporation and AWS.  It explains how Telos worked with AWS and the sponsoring agency to engineer a solution that would enable our Xacta® platform to inherit controls authorizations in the IC’s Commercial Cloud Services (C2S) environment.

As we write in the study, “This has revolutionized traditional A&A practices, streamlining the end-to-end process allowing a completed Body of Evidence (BoE) of an AWS service to be submitted for authorization in as little as one week versus the traditional six to nine months previously expected.”

In turn, Xacta customers with workloads hosted in C2S can inherit pre-vetted security controls from AWS services and rapidly identify and select the controls that apply to them.  Xacta also integrates with AWS APIs to support scanning, testing, and monitoring in order to continuously validate the security compliance of C2S-based resources.

All of this has dramatically reduced the time and cost of security compliance. One AWS security practitioner projects that he “expects a dramatic increase in efficiencies and effectiveness in completing ATOs, in some cases up to 90% faster.”  This efficiency also liberates time for C2S customers to focus on risk-based decision-making rather than untangling and documenting security controls.

If you’ll be at the AWS Public Sector Summit this week, you can hear about this program directly from Hugh Barrett, co-inventor of Xacta and one of the co-authors of this case study. He and Troy Poppe, principal solutions architect for AWS, will present this case in a live session on Wednesday, June 20, at 10:00 AM. You can learn more about the session here.

I invite you to download the case study for the complete story of this significant step toward achieving continuous security compliance in the cloud. And we hope to see you at AWS PSS Booth #428 for more conversation.

Rick Tracy


Rick Tracy is the senior vice president and chief security officer at Telos Corporation. Follow him on Twitter: @rick_tracy
