Army to Enhance Continuous Authority to Operate Implementation

The U.S. Army will initiate two pilot programs to optimize its process of issuing continuous authority to operate certification to its IT systems.

According to Army Chief Information Officer Leonel Garciga, the pilots will involve two existing operational Army programs that will serve as a model for a service-wide transition to cATO frameworks, FedScoop reported.

The initiative comes amid a growing reliance on software-based systems within the Department of Defense and the Army’s recent software directive, which includes a provision for shifting from traditional ATO to a continuous ATO process.

The cATO approach grants ongoing permission to the service’s systems by implementing automated monitoring and security control throughout the development lifecycle, eliminating the need for frequent re-authorization and speeding up modernization efforts.

Garciga, a 2024 Wash100 awardee and a speaker at the Potomac Officers Club’s upcoming Army Summit, said the pilot programs would inform the Army’s larger cATO policy guidance. He added that the goal is to complete a four-step implementation plan and grant cATO approval to the two pilots by the end of summer.

Apart from the pilots, the Army has also identified seven DevSecOps programs that could be potential candidates for future cATO implementation.