1.11 Play 11: Fast Track ATO
To rapidly deliver new capabilities to users while assuring security standards are being met, the Fast Track ATO process should be implemented. The goal of the Fast Track ATO methodology is to reduce the time and effort required to perform system risk assessment evaluations through continuous monitoring / continuous ATO. When evaluating Low-Code platforms, determine what FedRAMP accreditations have already been granted, since existing accreditations reduce the time and effort required to perform and maintain the security risk assessment processes.
For additional information on the Department of the Air Force Fast Track ATO process:
https://www.fedscoop.com/wp-content/uploads/2019/04/Tab-2-Fast-Track-ATO-Deputy-CIO-Signed.pdf
Checklist
- Determine what FedRAMP accreditations have been achieved by the Low-Code platform
- Determine if the required Fast Track ATO monitoring / testing tools are supported by the Low-Code platform
- Consider whether the user should be able to access, delete, or remove their information from the system
- Use automation tools to ensure the configuration of the production environment remains consistent and controllable
- Understand the requirements of the Fast Track ATO process
Fast Track ATO Goals
Key Questions
- Does the system currently have an ATO?
- What is the current ATO process?
- Has the system security baseline been established?
- What FedRAMP accreditations has the Low-Code platform received?
- What monitoring tools will be used to determine if new vulnerabilities have been introduced?
- How will system vulnerabilities be reported?
- How does a user access, correct, delete, or remove personal information?
- Will any of the personal information stored in the system be shared with other services, people, or partners?
- How and how often is the system tested for security vulnerabilities?
- Can the system be tested by a trusted external provider (e.g., penetration testing, adversarial testing)?
- Can the Fast Track ATO option be implemented?