Global Accelerated Learning • Est. 1999
Glossary Term Authorization to Operate (ATO)

Training Camp • Cybersecurity Glossary

What is Authorization to Operate (ATO)?

Authorization to Operate (ATO) is the RMF decision by an Authorizing Official to accept residual risk and permit a system to operate in production.

Understanding Authorization to Operate (ATO)

Authorization to Operate (ATO) is a formal management decision, central to the NIST Risk Management Framework, in which a senior official known as the Authorizing Official accepts the residual security risk of an information system and grants it permission to operate. It is issued after the system has been categorized, its controls implemented, and an independent security assessment completed. An ATO is typically time-bound and may be conditional, requiring ongoing monitoring to remain valid.
