Generating ATO artifacts from an authorization package

  • Release version: Yokohama
  • Updated January 30, 2025
  • 1 minute to read

    • Generate Authority to Operate (ATO) artifacts for Microsoft Word, such as a System Security Plan (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POA&Ms), Security Assessment Plan (SAP), ATO Letter, and Executive Summary, from an authorization package in CAMWorkspace. Generating ATO artifacts as a Microsoft Word file enables more ways to edit and collaborate, and it helps you comply with security standards.

    ATO artifacts are documents and evidence that are produced while authorizing a system and support the compliance of a package with the security standards.

    The SSP, SAR, POA&Ms, SAP, ATO Letter, and Executive Summary are reports that you can generate from an authorization package. The reports gives you a consolidated, detailed report about the effectiveness of a system security.
    SSP
    Provides an overview of security requirements for an information system and describes how a system adheres to or plans to meet the security requirements.
    SAR
    Provides assessment results and recommended guidelines from an assessor in remediating the vulnerabilities found in the security controls.
    POA&Ms
    Provides details on how to accomplish the elements of a plan, milestones to achieve the tasks, and timeline to complete the milestones.
    SAP
    Outlines the evaluating and testing security controls and safeguards according to NIST SP 800-37 and organizational policies.
    ATO Letter
    A document that's based on compliance with security frameworks and a comprehensive risk assessment.
    Executive Summary
    Outlines a comprehensive security assessment of the package, so you can align with federal security requirements and relevant authorization frameworks.
    Note:
    You can generate SSP, SAR, POA&Ms, SAP, ATO Letter, and Executive Summary reports in Microsoft Word where you can update the content in CAM Workspace. In the classic UI, you can generate only the SSP report in PDF format.
    To configure the predefined CAM Microsoft Word template, you must navigate to All > Continuous Authorization and Monitoring > Administration and set up the following administrative steps: