1 1 00:00:00,210 --> 00:00:02,610 Completing the risk management framework 2 2 00:00:02,610 --> 00:00:06,630 so you can get your approval to operate is a lot of work. 3 3 00:00:06,630 --> 00:00:09,690 It would be great if there was some way to automate it. 4 4 00:00:09,690 --> 00:00:11,100 Well, you're in luck, 5 5 00:00:11,100 --> 00:00:15,870 because there are several ways to automate your ATO. 6 6 00:00:15,870 --> 00:00:20,340 For example, there's a commercial tool called Xacta 360, 7 7 00:00:20,340 --> 00:00:22,290 which is made by Telos. 8 8 00:00:22,290 --> 00:00:25,080 Now, some federal agencies have actually 9 9 00:00:25,080 --> 00:00:30,080 built their own dedicated NIST RMF automation tools, 10 10 00:00:30,450 --> 00:00:32,520 such as the US Navy, 11 11 00:00:32,520 --> 00:00:33,909 and other federal agencies 12 12 00:00:33,909 --> 00:00:36,690 like the Department of the Interior 13 13 00:00:36,690 --> 00:00:40,173 use the Cybersecurity Assessment and Management System. 14 14 00:00:41,340 --> 00:00:44,370 You could even make your own automated workflow 15 15 00:00:44,370 --> 00:00:48,570 by using a product like Microsoft SharePoint web platform. 16 16 00:00:48,570 --> 00:00:50,550 And finally, the Department of Defense 17 17 00:00:50,550 --> 00:00:55,350 has funded their own tool, and it's called eMASS, 18 18 00:00:55,350 --> 00:00:56,520 and that stands for 19 19 00:00:56,520 --> 00:01:01,170 Enterprise Mission Assurance Support Service. 20 20 00:01:01,170 --> 00:01:03,660 Lots of military branches are using it, 21 21 00:01:03,660 --> 00:01:07,440 and more are being required to start using it. 22 22 00:01:07,440 --> 00:01:11,040 In the next two videos, we're going to dig deeper into eMASS. 23 23 00:01:11,040 --> 00:01:14,700 What is it, and how does it work in the real world? 24 24 00:01:14,700 --> 00:01:19,150 And then, we'll take a look at a few risks of using eMASS. 25 25 00:01:19,150 --> 00:01:21,582 (light music)