About MCaaS
A&A Milestones
We understand that the ATO is an important and complex process for your application as a tenant on the MCaaS platform. We recommend working closely with your ISSO/ISSM from an early phase to set expectations and resolve any unknowns before the assessment and authorization process. Below is an overly simplified list of A&A milestones to help you understand your ATO journey.
For reference, the list below shows the documents and steps that take you towards the assessment phase:
Tasks | Assignment Responsibility |
---|---|
Complete SSP Draft - Sections 1-12 | Program Team |
ISSO Review: Sections 1-12 of SSP for Architecture Review and quality control | ISSO |
Submit sections 1-12 of SSP for Architecture Review | ISSO |
Complete SSP Draft - Section 13 | Program Team |
Complete PTA/PIA | Program Team |
Complete FIPS-199 | Program Team |
Complete Digital Identity Acceptance | Program Team |
Complete ISA documentation if required | Program Team |
Complete BIA | Program Team |
Complete Continuity of Operations Plan | Program Team |
Complete Configuration Management Plan | Program Team |
Complete Incident Response Plan | Program Team |
Complete Rules of Behavior for system | Program Team |
Fully instantiate environment for assessment (Essentially means that your SaaS, IaaS, PaaS is configured for GSA usage) | Program Team |
Complete OS/DB Scanning | ISSO/SecOps |
Complete Web Scanning for GSA implementation site (Netsparker scan from SecOps) | ISSO/SecOps |
Remediate High and Critical Findings from Netsparker or WebApp scan | Program Team |
Rescan to ensure remediation | ISSO/SecOps |
Remediate any Architecture Review questions | Program Team |
Submit section 13 to ISSO for review and acceptance | Program Team |
Remediate any control comments from ISSO | Program Team |
ISSO submits section 13 to ISSM for acceptance and movement forward for assessment if no issues remain | ISSO |