August 6, 2024
Presented by Department of VA
Amber Pearson, Deputy Chief Information Security Officer at the Department of Veterans Affairs (VA), discussed her focus on automation to enhance cybersecurity processes, particularly regarding cloud services and the FedRAMP authorization process. One of her main goals is to optimize the Authority to Operate (ATO) process to speed up cloud service deployments while ensuring strong cybersecurity measures. Pearson highlighted the challenge of reducing the traditional ATO timeline, which can take up to 360 days and the VA’s involvement in the FedRAMP board to address these challenges. The recent use of the Open Security Control Assessment Language (OSCAL) format for system security plans represents a significant step toward automating and streamlining the ATO process. Pearson also emphasized the need for a mature FedRAMP environment that supports reuse and accelerates the deployment of new technologies to better serve veterans and their families.
Key Takeaways:
- The VA is focusing on automation to cut down the Authority to Operate (ATO) timeline and improve cybersecurity efficiency.
- Participation in the FedRAMP board and the adoption of OSCAL format submissions are key to streamlining the ATO process.
- A mature FedRAMP environment should prioritize reuse and speed to facilitate technology deployment across federal agencies.