search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Achieving Continuous Authority to Operate (ATO)

Podcast
By
Shane Ficorilli and Hasan Yasar sit down with Suzanne Miller to discuss Continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.
Publisher

Software Engineering Institute

Subjects

Listen

Watch

Abstract

Authority to Operate (ATO) is a process that certifies a system to operate for a certain period of time by evaluating the risk of the system’s security controls. ATO is based on the National Institute of Standards and Technology’s Risk Management Framework (NIST 800-37). In this podcast, Shane Ficorilli and Hasan Yasar sit down with Suzanne Miller to discuss Continuous ATO, including challenges, the role of DevSecOps, and cultural issues that organizations must address.

About the Speaker

Headshot of Hasan Yasar.

Hasan Yasar

Hasan Yasar is the Technical Director of the Continuous Deployment of Capability group in the SSD Division of the Software Engineering Institute, CMU. Hasan leads an engineering group to enable, accelerate, and assure transformation at the speed of relevance by leveraging DevSecOps, Agile, Lean AI/ML, and other emerging technologies to …

Read more
Shane Ficorilli

Shane Ficorilli

Shane Ficorilli is an SEI alumni employee.

Shane Ficorilli is a software engineer specializing in DevSecOps pipeline architecture and engineering in the SEI’s Software Solutions Division. Ficorilli has been with the SEI for six years, initially working on the Network and Infrastructure Engineering team in IT. Prior to joining the …

Read more
SHARE

Supplemental Materials

Download Transcript
Ask a question about this Podcast