If you have spent any time developing or deploying software at a government agency, you have heard about Authority to Operate (ATO). Traditionally, an ATO was/is a point-in-time authorization. Systems would be subject to ‘rigorous’ testing & review, and once deemed secure by some group of humans by looking at written documentation and maybe some code reviews, were granted an ATO for a defined period.  In the case of the traditional Risk Management Framework (RMF), that ATO is for three years.  The challenge is…

Much to the chagrin of companies across America, the NCAA Basketball Tournament that we call March Madness is upon us. WalletHub estimates that corporations will lose $13.8B due to unproductive workers, and around $10B will be wagered during the tournament. People have been listening to pundits, pouring over data, and looking for anything that might give them an edge in filling out a winning bracket for their office bracket pool, or give them family bragging rights until next year’s tournament, or win big on a wager.