Scribd Logo
Upload

Welcome to Scribd!

  • RMF ATO - Rev 7

    Uploaded by

    Daniel Lehman
    7 views2 pages

    Original Title

    RMF ATO_Rev 7

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    7 views2 pages

    RMF ATO - Rev 7

    Uploaded by

    Daniel Lehman

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    DEFENSE SECURITY SERVICE

    NATIONAL INDUSTRIAL SECURITY PROGRAM AUTHORIZATION OFFICE


    27130 TELEGRAPH ROAD
    QUANTICO, VA 22134-2253

    February 24, 2020


    MEMORANDUM FOR [INSERT COMPANY NAME]
    ATTN: [INSERT ISSM NAME]

    SUBJECT: Authorization to Operate (ATO) for CAGE-YYYYMMDD-#####-#####

    References:
    (a) National Industrial Security Program Operating Manual (NISPOM),
    DoD 5220.22-M, dated 28 February 2006
    (b) Defense Security Service (DSS) Assessment and Authorization
    Process Manual (DAAPM), dated TBD
    (c) CAGE-YYYYMMDD-#####-#####, Version 1.0, System Security
    Plan, dated DD Month YYYY

    In accordance with References (a) and (b), and based on adherence to Reference
    (c), the undersigned hereby grants Authorization to Operate (ATO) for this Information
    System (IS) with the following parameters:
    a. System Type: SELECT SYSTEM TYPE
    b. Classification: SELECT CLASSIFICATION
    c. Categorization:
    Confidentiality: SELECT IMPACT VALUE
    Integrity: SELECT IMPACT VALUE
    Availability: SELECT IMPACT VALUE
    d. Formal Access Approvals: ☐COMSEC ☐CNWDI ☐NATO
    e. CAVEAT: ☐RD ☐FRD ☐FGI ☐OTHER:
    f. Location: SELECT AREA
    g. Type Authorization: ☐YES ☐NO
    h. Protected Distribution System: ☐APPROVED ☐NOT APPLICABLE
    i. Operating System(s):
    j. Trusted Downloading: DSS APPROVED PROCEDURES
    k. Periods Processing: ☐YES ☐NO
    l. Mobility: SELECT MOBILITY TYPE
    ☐OTHER:
    m. Connections: SELECT CONNECTION
    NSP UID: NSP Date:
    MOU Agency: MOU Date:
    Network Name: SELECT NETWORK
    ☐OTHER
    The Authorization Termination Date (ATD) is [INSERT MONTH DD, YYYY].
    The Information System Security Manager (ISSM) is responsible for submitting
    quarterly updates regarding the status of the POA&M to their assigned DSS Information
    Systems Security Professional (ISSP), [INSERT ISSP NAME], as applicable. Any
    modification of system configuration, information protection requirements, or physical
    location must be evaluated and approved by DSS prior to implementation.

    [INSERT UID] shall operate under the following terms and conditions:
    a. [INSERT TERMS AND CONDITIONS, e.g. number of users is limited
    to ##, limited locations, TEMPEST/OPSEC requirements, etc.]

    In accordance with paragraph 1-206a of the NISPOM, DSS will be conducting


    periodic on-site technical security reviews of your IS to ensure adequate protection of
    classified information is maintained through continued compliance with the agreed upon
    security controls identified in the SSP. If you have any questions, please feel free to
    contact [INSERT ISSP NAME], [INSERT ISSP E-MAIL ADDRESS].

    A copy of this letter will be retained with all relevant system documentation.

    Sincerely,

    [INSERT RAO NAME]


    Regional Authorizing Official

    You might also like