Enable breadcrumbs token at /includes/pageheader.html.twig

U.S. Army Working on Delivering Continuous Authority To Operate Projects

Officials announce that two pilot programs are underway.

Leonel Garciga, chief information officer, U.S. Department of the Army, speaks at TechNet Augusta 2024.

The U.S. Army is beginning to implement practices related to continuous authorization to operate (cATO), concepts the service hopes will offer constant evaluation and analysis of risks related to cybersecurity. Leonel Garciga, the chief information officer for the U.S. Department of the Army, addressed this topic while speaking at TechNet Augusta 2024, held August 19-22, in Augusta, Georgia.

Officials with the Program Executive Office (PEO) Soldier are applying cATOs to Nett Warrior, a system that provides leaders with situational awareness that allows for faster and more accurate decisions in the tactical fight, according to PEO Soldier.

U.S. Army Cyber Command and PEO-Intelligence, Electronic Warfare and Sensors (IEW&S) officers are also using cATOs in their operations, specifically in the Gabriel Nimbus program. PEO IEW&S officials say the Gabriel Nimbus, otherwise known as the Army’s Big Data Platform, allows for data to be accessed and delivered to users through applications and analytics that drive decisions and enhance situational understanding.

In the past, Army operations focused only on implementing and procuring ATOs; however, these certifications fail to address the constant vigilance that officials must have when it comes to monitoring risk. The Army hopes this solves that issue.

To obtain a cATO, the Office of the Secretary of Defense says that authorizing officials are required to demonstrate three main tasks:

Ongoing visibility of key cybersecurity activities inside the system boundary with a robust continuous monitoring of Risk Management Framework controls.
The ability to conduct active cyber defense to respond to online threats in real time.
The adoption and use of an approved DevSecOps reference design.

Garciga said that the process of releasing these cATO programs is one that took some time and required help from several different groups within the Army.

“We didn’t wake up last year and say we were going to do this,” said Garciga. “This has been, in many ways, about a three-year effort between some folks in the Army G2, some folks in CIO, some folks in the G6 and some folks at ARCYBER [Army Cyber Command] to really lay the foundation to make this happen for the Army.”

Leonel Garciga, the chief information officer for the U.S. Department of the Army, said at TechNet Augusta that the process of releasing cATO programs is one that took some time and required help from several different groups within the Army.