▎Distributed C2

Continuous Authority to Operate/ cATO

Accreditation model granting ongoing ATO based on continuous monitoring and pipeline controls.

Definition

cATO replaces three-year ATO cycles with continuous monitoring, automated control evidence, and a hardened DevSecOps pipeline. It is the policy enabler that lets defense software ship at sustainable cadence and is the only realistic ATO posture for distributed C2 services that update weekly.

Reference attributes

Issuer: DoD CIO
Prerequisite: Continuous monitoring + hardened pipeline

Related terms

DevSecOps
Practice of integrating security into continuous software delivery pipelines.
Platform One
U.S. Air Force enterprise DevSecOps platform serving the joint force.

#accreditation#policy