DevSecOps · Flashcard

What is Continuous Authorization to Operate (cATO)?

  • A. A rigorous, evolving ATO based on supply-chain cyber survivability, driven by real-time metrics
  • B. A one-time authorization that is granted at launch and then never revisited afterward
  • C. A waiver that simply exempts a system from any authorization requirements at all
  • D. An informal sign-off that is given verbally by the development team's own lead engineer

Why this is the answer

cATO is a more rigorous, evolving ATO predicated on cyber survivability posture across the entire software supply chain and driven by real-time metrics gathered at every step — not a one-time ATO, a waiver, or an informal sign-off.
