© 2023 Kahua. All rights reserved.
IT Security
• Consider access and authentication protocols for internal and external users
• Ensure options for connection with other systems (commercial and government) are
included in initial Authority to Operate (ATO) architecture
• Having an engaged and rational ISSO/IT security POC is really important
• Understand what is covered within a FedRAMP ATO and what additional controls
need to be addressed at the agency level / with a separate agency ATO
• Consider ATO timelines and the impact on testing and integration work
• Consider resource requirements to address security on multiple levels
