“Cloud adoption has been an ongoing initiative across the federal government as a whole, but the question of how to vet new solutions and continuously authorize existing cloud capabilities remains for many agencies.
Federal IT officials during Wednesday’s GovernmentCIO Media & Research Infrastructure Security event provided a look at how iterative, automated and resuable approaches to modernization and authorities to operate (ATOs) are answering that question.
Centers for Medicare and Medicaid Services CISO Rob Wood said that amid ATO automation attempts, iteratively automating parts of the authorization and security pipeline is a productive step to improving the compliance process.
‘Embrace the fact that automation can be as simple as taking care of the repetitive five-minute annoying things that fill up your day on a regular basis or going back and forth and trying to schedule things or soliciting feedback or agenda items before a meeting or whatever it happens to be,’ Wood said. ‘If you can pile up and stack up a number of those small wins, then your team as a whole can be much more effective with their time.’
The Department of Veterans Affairs, which has a goal of an 80% utilization rate for cloud services, has also been using automation and an iterative process to its capability adoption through DevSecOps strategies.
‘We continue to look at various ways of how we can automate across the board,’ said VA Enterprise Cybersecurity Architect Royce Allen. ‘We had a meeting with FedRAMP about automation. They’re moving information from OMB MAX to our system of record for how we capture our authorizations, so that we can move away from doing some things manually.’…” Read the full article here.
Source: Feds Encourage Iterative, Automated Approaches to Cloud, ATO – By Melissa Harris, March 31, 2021. GovernmentCIO.