SANTA CLARA, Calif. — AttackIQ has been granted a three-year Assess Only Authority to Operate (ATO) by the U.S. Army. Senior officials granted this approval to launch the company’s Security Optimization Platform within the military branch based on an in-depth, risk-based security assessment.
AttackIQ is the first breach and attack simulation (BAS) platform to receive this ATO designation. It will allow the U.S. Army to use AttackIQ’s Security Optimization Platform to develop a more strategic and proactive defense posture across its mission critical assets in support of warfighters around the globe. AttackIQ’s ATO was successfully granted a Moderate/Moderate/Low classification after a thorough, multiphase process that began in 2021 and included several levels of evaluations and rigorous security assessments. AttackIQ collaborated with KAIROS, a provider of sophisticated cybersecurity analysis and implementation provider within commercial, federal, and Department of Defense (DoD) environments, to launch the process.
“With the Assess Only ATO accreditation, AttackIQ will allow the U.S. Army to deploy a threat emulation capability across various production networks in support of critical mission objectives,” said Lt. Col. Dakota Steedsman of the U.S. Army. “The AttackIQ platform’s continuous security control validation gives our security teams real-time, data-driven visibility into whether their controls are working as intended, enabling uninterrupted verification of program health at scale and in an automated fashion.”
AttackIQ's Assess Only ATO designation will enable organizations across the DoD, as well as other federal agencies, to apply for reciprocity via the Enterprise Mission Assurance Support Service (eMASS) system, an internal government system that documents all security checks and authorizations. This allows them to integrate AttackIQ’s technology within their production environment without requiring a new ATO. The purpose of reciprocity is to decrease time and resource expenses associated with additional testing, assessments, and paperwork to enable other federal agencies expedited access to valuable infrastructure technologies.
“This ATO is a testament to AttackIQ’s ability to deliver the technology and knowledge our nation’s most critical organizations need to stay ahead of today’s rapidly evolving threat landscape,” said Stacey Meyer, vice president of federal operations, AttackIQ. “AttackIQ has a strong partnership with the U.S. Army, and it has been a privilege to assist them with developing and deploying their Threat Emulation Program. We look forward to replicating this joint accomplishment across other federal agencies to strengthen their mission-critical assets.”