The US Army has granted a three-year Assess Only Authority to Operate (ATO) designation to AttackIQ, an independent vendor of Breach and Attack Simulation (BAS) systems.
Senior officials granted this approval to launch the company’s Security Optimization Platform within the military branch.
AttackIQ’s ATO was successfully granted a Moderate/Moderate/Low classification after a thorough, multi-phase process that began in 2021 and included several levels of evaluations and rigorous security assessments.
The company collaborated with KAIROS, a provider of sophisticated cybersecurity analysis and implementation provider within commercial, federal, and Department of Defense (DoD) environments, to launch the process.
AttackIQ is the first BAS platform to receive this ATO designation. It will allow the US Army to use AttackIQ’s Security Optimization Platform to develop a more strategic and proactive defense posture across its mission-critical assets in support of warfighters around the globe.
“With the Assess Only ATO accreditation, AttackIQ will allow the US Army to deploy a threat emulation capability across various production networks in support of critical mission objectives,” said Dakota R. Steedsman, Lieutenant Colonel, US Army. “The AttackIQ platform’s continuous security control validation gives our security teams real-time, data-driven visibility into whether their controls are working as intended, enabling uninterrupted verification of program health at scale and in an automated fashion.”
More than a dozen US government agencies and organizations, including customers in the legislative branch, intelligence community, defense agencies, and numerous executive branch civilian agencies, trust AttackIQ’s platform to validate their security continuously and achieve a threat-informed defense at scale.
AttackIQ’s Assess Only ATO designation will enable organizations across DoD, as well as other federal agencies, to apply for reciprocity via the Enterprise Mission Assurance Support Service (eMASS) system, an internal government system that documents all security checks and authorizations. This allows them to integrate AttackIQ’s technology within their production environment without requiring a new ATO.
The purpose of reciprocity is to decrease time and resource expenses associated with additional testing, assessments, and paperwork to enable other federal agencies expedited access to valuable infrastructure technologies.
“This ATO is a testament to AttackIQ’s ability to deliver the technology and knowledge our nation’s most critical organizations need to stay ahead of today’s rapidly evolving threat landscape,” said Stacey Meyer, Vice President of Federal Operations, AttackIQ. “AttackIQ has a strong partnership with the US Army, and it has been a privilege to assist them with developing and deploying their Threat Emulation Program. We look forward to replicating this joint accomplishment across other federal agencies to strengthen their mission-critical assets.”