Authorization to Operate (ATO) Process

The Authorization to Operate (ATO) process, mandated by the Federal Information Security Modernization Act of 2014, is a formal review that determines whether an information system meets required security controls and risk thresholds. It involves documenting the system's security posture, assessing residual risks, and receiving a senior official's written approval for the system to operate.