ATO artifacts for an authorization package

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Generate Authority to Operate (ATO) artifacts such as System Security Plan (SSP), Security Assessment Report (SAR), Plan of Actions and Milestones (POA&Ms), Security Assessment Plan (SAP), Authority to Operate (ATO Letter), and Executive Summary from an authorization package in Microsoft Word format. Generating ATO artifacts as Microsoft Word format enhances ease of editing, collaboration, and compliance, confirming professional and portable documents.

    ATO artifacts are documents and evidence produced while authorizing a system that supports the compliance of a package with the security standards.

    SSP, SAR, POA&Ms, SAP, ATO Letter, and Executive Summary are reports that you can generate for an authorization package. It gives you a consolidated, detailed report about the effectiveness of the system security.
    SSP
    A document that provides an overview of security requirements for an information system. It describes how a system adheres to the security requirements or how it plans to meet the requirements.
    SAR
    A structured document that provides the assessment results and recommended guidelines of an assessor in remediating the vulnerabilities found in the security controls.
    POA&Ms
    A document that gives details as to how to accomplish the elements of the plan, milestones to achieve the tasks, and time line to complete the milestones.
    SAP
    A document which outlines evaluating and testing security controls and safeguards according to NIST SP 800-37 and organizational policies.
    ATO Letter
    A document that's based on compliance with security frameworks and a comprehensive risk assessment.
    Executive Summary
    A document that outlines the comprehensive security assessment of the package, verifying with federal security requirements and relevant authorization frameworks.
    Note:
    You can generate SSP, SAR, POA&Ms, SAP, ATO Letter, and Executive Summary reports in Microsoft Word where you can update the content in CAM Workspace. Whereas in classic UI, you can generate the SSP report in PDF format using Generate Report(s) in the Authorization package form.
    To configure the predefined CAM Microsoft Word template, you must navigate to All > Continuous Authorization and Monitoring > Administration and set up the following administrative steps: