Shift left - can automation fix the InfoSec and Risk Management ATO bottleneck?

Session Description

If you’ve worked on a delivery team in a federal agency, you are familiar with the dreaded three letters, ATO (Authority to Operate). This is your IT project’s driver’s license; you cannot officially drive “in production” without it. NIST has released OSCAL, a USG-sponsored data standard to drive automation of ATO processes. The OSCAL ecosystem will inspire a new generation of ATO automation, but can we move forward without addressing key blockers in process and operations management?