opencontrol / discuss

a place to have conversations about OpenControl projects
https://github.com/opencontrol/discuss/issues

Make a Federal Government ATO (Authority To Operate) Easier! #11

Closed bab262 closed 7 years ago

bab262 commented 7 years ago

A question for federal contractors performing digital services/IT Modernization work for the Government: The ATO process at the end of development is an inevitable hurdle to overcome for successful project completion. What could help the contractor or project team achieve a smoother ATO?

Do you see any benefit in including the government contractor in the ATO process? Perhaps including NIST standards in RFQs? Or having them create the Compliance Masonry as part of a contract requirement?

I'm a GSA Contracting Officer hoping to better the process for the entire project team (contractor and Government). Thank you!

NoahKunin commented 7 years ago

Hi @bab262! Not a contractor, I'm with 18F/GSA. We have lots of initiatives on this already. Hopefully you follow the 18F blog so you can get all the new updates we'll be rolling out soon. https://18f.gsa.gov/blog/

To your specific questions:

What could help the contractor or project team achieve a smoother ATO?

The first and most important stuff is to not start the ATO at the end! Work on it incrementally through the whole process. We know that's very hard, and most govt agencies won't accept it. We're working on that, and you can forward them to 18F in the meantime for consultation on iterative security practices.

Do you see any benefit in including the government contractor in the ATO process?

Yes! They're already involved, at least everywhere I've been. I'd be surprised if they weren't.

Perhaps including NIST standards in RFQs?

They are in all RFQs and RFPs! If they're not, the Govt. CO has made a mistake IMHO... :(

Or having them create the Compliance Masonry as part of a contract requirement?

As one of the founders of Compliance Masonry, yes! This would be huge. As soon as we get it to 1.0 hopefully in the next 3-6 months, we should absolutely work on this.

bab262 commented 7 years ago

Thanks Noah.

I've done a few searches on Compliance Masonry, but can you provide a description of it in layman's terms? I'd like to take it back to my team (also Contracting Officers) and explain it to them.

mogul commented 7 years ago

Hi @bab262, did your search turn up the 18F blog post about Compliance Masonry?

bab262 commented 7 years ago

It did not. After reading the post I get the sense that Compliance Masonry (CM) deals with the ongoing maintenance of security controls for a system. If so, I see the benefit of including CM in RFQs to address ongoing security... but how would CM affect the ATO process?