Certificate to Field and ATO Inheritance¶
Definitions¶
-
An Authority to Operate (ATO) is a designation a government official provides on behalf of a Federal agency, which authorizes companies or organizations to operate their IT systems on government networks. Government officials grant ATOs to companies who have proven that their IT systems are secure and pose limited risks (if any) to their environments.
-
A Certificate to Field (CtF) is the application-level accreditation that allows your application to run in a specific environment within the DoD. This is part of your Deployment Passport.
Game Warden maintains a continuous ATO through AFWERX for Impact Levels 2, 4 and 5 (Il6 and JWICS are in the works).
Process¶
During implementation, your containerized software undergoes a rigorous process of image scanning and hardening coupled with mandatory approval by our Security team prior to any deployments. Game Warden provides all the tooling required to secure, harden, and run your applications. This process generates artifacts that are compiled into a Deployment Passport - a Game Warden term referring to the body of evidence necessary to meet Authority to Operate (ATO) requirements.
Deployment Passports
The Deployment Passport includes the System Security Plan (SSP), vulnerability scan results, any required external approvals, and proof of a government contract for your company. This signature-approved document serves as your ticket to inherit Game Warden's ATO and deploy to the Department of Defense (DoD).
ATO Inheritance¶
The Game Warden Security team and our government Information System Security Manager (ISSM) review this Deployment Passport and other supporting documentation. They will then approve it and issue a Certificate to Field (CtF), which allows the software to inherit the Game Warden platform ATO.
Game Warden customers DO NOT receive their own ATOs. You will inherit the Game Warden ATO via your Certificate to Field (CtF).
Certificate to Field (CtF) Maintenance and Expiration¶
To ensure they maintain compliance with ATO requirements, the Game Warden team must continuously monitor IT systems. As such, our security tooling continuously scans your application containers for new security findings, even after deployment to the production (PRD) environment. These findings will populate in Scan Lab and must be resolved in accordance with Game Warden's Acceptance Baseline Criteria.
Our Security Team is available for customers who have further questions, or to discuss with their government customers. Please contact us through a Support Ticket or at security@secondfront.com.
Certificates to Field expire one year after issuance or if your application moves to the next major version or implements an architectural change that would require modification of you Authorization Boundary Diagram
Frequently Asked Questions¶
FAQ: Do I get my own ATO through the Game Warden platform?
No, you will obtain a Certificate to Field (CtF) and inherit Game Warden's ATO.
FAQ: Once I inherit Game Warden's ATO, do I retain it if I leave the platform?
No. If you leave the Game Warden platform, you lose the inherited ATO.
Additional ATO Insight
For more information, read What is an ATO? – an article available on the Second Front Systems, Inc. website.
Feedback
Was this article helpful? Want to see something more?
Please reach out to us here with your feedback.
Last updated: 05/14/24