ATOs Suck

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/ce/01/5b/ce015bf7-e67d-5601-8b55-b0af389858b2/mza_16845771089983186347.jpg/600x600bb.jpg

"This Is Fine" with Hunter Strategy

Hunter Strategy

15 episodes

5 days ago

Welcome to "This Is Fine" with Hunter Strategy, because who doesn't need another podcast, right? But hold on, this isn't your typical corporate spiel. "This Is Fine" dives deep into Cloud security and agile methods, but with a twist of humor, sarcasm, and a sprinkle of dad jokes. Instead of boring PDFs, we bring lively discussions to life, offering a peek behind the curtain at our quirky team. Join us for a roller coaster ride through tech talk and more. Trust us, it's going to be fine... probably!

Technology

RSS

All content for "This Is Fine" with Hunter Strategy is the property of Hunter Strategy and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_episode/41233744/41233744-1719494617810-35e50ea0157b6.jpg

ATOs Suck

"This Is Fine" with Hunter Strategy

29 minutes 23 seconds

1 year ago

ATOs Suck

Today’s episode takes you on a (somewhat procedural) ride through the world of government security authorizations. Matt Triner and Chris Sowards, a GRC (Governance, Risk, and Compliance) expert at Hunter Strategy, break down the Authority to Operate (ATO) process using a relatable analogy: buying a car. Just like how buying a car is a decision that involves cost, efficiency and risk, the government needs to use a multitude of factors to review the security risks before allowing a system to operate.

We'll explore the differences in ATO processes between agencies, how they handle risk tolerance, and the challenges companies face, like dealing with non-essential controls and navigating compliance culture. Matt and Chris talk through a range of topics offering advice for new companies and discuss the struggles of FedRAMP accreditation. They’ll even touch on the specific challenges faced by software vendors in obtaining ATOs.

Don't miss this episode if you're interested in government risk and compliance, selling software to the government, or wonder why it takes so long for the government to get new systems online!

Chapters:

00:00 Introduction to ATO Process

01:29 ATO Process Analogy: Buying a Car

03:02 Different ATO Processes for Different Agencies

04:55 Different Risk Tolerance for Different Agencies

06:10 Challenges in the ATO Process

08:02 Dealing with Non-Applicable Controls

09:30 Navigating ATO Process for New Companies

11:09 Bizarre Situations in ATO Remediation

12:31 Navigating Compliance and Mitigating Controls

13:23 Teaching Assessors about System Security

14:45 Advice for Companies Selling to the Government

17:23 ATO for On-Prem Software in the Cloud

19:19 Challenges with Cloud-Based Systems

21:33 Struggles with FedRAMP Accreditation

25:02 ATO for Software Providers

27:09 ATO Challenges for Atlassian Suite

28:58 Using AWS Infrastructure for On-Premise Jira

29:57 Challenges in Assessing SAS Applications

30:36 The Role of Third-Party Assessors

31:24 Conclusion and Future Topics