The General Services Administration’s 18F organization has developed a security certification process for government information technology systems through the use of agile development methods, Nextgov reported Tuesday.
18F’s agile-based authority-to-operate process aims to apply an iterative approach to IT security authorizations and place security work at the start of a project.
“What we try to do is at the very beginning of the project, the first few weeks, we get an ATO,” Michael Torres, director of product at 18F, told Nextgov.
“And then every piece after that, we increment that ATO so it covers more and more of the system,” he added.
Torres noted about 18F’s efforts to further develop the iterative ATO process with security personnel at federal agencies.
“What we’re advocating is to help them and help the program team just focus on this small piece that we’re releasing so that we can make sure that that’s secure and also put in processes and maybe some infrastructure to make sure the next time we release there’s a process for an iterative ATO that doesn’t take as much time and is not as daunting,” he added.