Open ctro opened 4 years ago
jonathan.lerner@usda.gov is the security contact to reach out to.
Shadat and Matt work closely with Jonathan. I haven't been able to speak with Jonathan yet, but Shadat and Matt relay the following good news:
Yes, it will be continuous as long as we use the same platform, operations model and controls. If we are following same rules on the same set of tools/process then we should be good. Matt and I will work with Cyber for the SSP controls/boundary etc. along with our ISSO lead Jon Lerner.
The ability to continuously work on the ATO while new development on OpenForest happens will ensure that we stay compliant with security requirements and will prevent us from working very far in any non-compliant direction. It also prevents us from doing security in one big bang -- spending a lot of time (I've seen months, years) at the end of our development phase working only on security requirements.
Background OpenForest will need to connect to other systems, and maybe other changes that will affect the ATO. How hard will it be to update our ATO?
Acceptance criteria
Tasks
Definition of done