18F seeks to streamline ATO process

Innovation group 18F has launched an interagency project to make it easier for federal agencies to adopt commercial software and products.  

Project Boise’s goals are “to reduce the burden (time, cost and pain) and improve the effectiveness of the federal government’s software security compliance processes,” according to a statement posted on GitHub.

Those security compliance processes require agencies to obtain an authority to operate (ATO) before adopting commercial software and entail additional requirements depending on individual agencies’ rules.

Those reviews can be handled by government employees or third parties, but they add a bureaucratic hurdle for agencies that want to use commercial products.  

Federal officials estimate that it takes about four months for a cloud provider’s service to be approved for government use. Jason Hess, chief of cloud security at the National Geospatial-Intelligence Agency, said in March that his agency has managed to obtain ATOs in seven days and wants to shorten that time frame to a single day.

18F officials would like all agencies to have a turnaround time closer to NGA’s. To do that, they plan to build on the effectiveness of ongoing ATO improvement projects by working with chief information security officers, cybersecurity policymakers and private-sector entities engaged in security compliance, among others.

The innovation shop also hopes to collaborate with the National Institute of Standards and Technology, the Department of Homeland Security and the Office of Management and Budget to help turn its research into policy.

The Trump administration created the Office of American Innovation to help agencies deliver better services to citizens by adopting private-sector practices. Earlier this month, the General Services Administration, 18F’s parent agency, announced that it is collaborating with the office to improve the ATO process.

In a July 25 blog post on Medium.com, former U.S. Deputy CTO Nick Sinai wrote that Project Boise aims to make it easier for agencies to securely and quickly launch software by integrating “security and compliance into the very beginning of how federal agencies buy and build IT systems -- combining development, security and operations...rather than bolting on security at the end.”

Sinai, who is now a venture partner at Insight Venture Partners, added that “if the Trump administration is going to build on the Obama administration’s efforts to modernize, it will need to transform how the federal government does security compliance.”

About the Author

Chase Gunter is a former FCW staff writer.
