SANTA CLARA, Calif. – August 17, 2022 – AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced it has been granted a three-year Assess Only Authority to Operate (ATO) by the U.S. Army. Senior officials granted this approval to launch the company’s Security Optimization Platform within the military branch based on an in-depth, risk-based security assessment.
AttackIQ is the first Breach and Attack Simulation platform to receive this ATO designation. It will allow the U.S. Army to use AttackIQ’s Security Optimization Platform to develop a more strategic and proactive defense posture across their mission-critical assets in support of warfighters around the globe. AttackIQ’s ATO was successfully granted a Moderate/Moderate/Low classification after a thorough, multi-phase process that began in 2021 and included several levels of evaluations and rigorous security assessments. AttackIQ collaborated with KAIROS, a provider of sophisticated cybersecurity analysis and implementation provider within commercial, federal, and Department of Defense (DoD) environments, to launch the process.
“With the Assess Only ATO accreditation, AttackIQ will allow the U.S. Army to deploy a threat emulation capability across various production networks in support of critical mission objectives,” said Dakota R. Steedsman, Lieutenant Colonel, U.S. Army. “The AttackIQ platform’s continuous security control validation gives our security teams real-time, data-driven visibility into whether their controls are working as intended, enabling uninterrupted verification of program health at scale and in an automated fashion.”
More than a dozen U.S. government agencies and organizations, including customers in the legislative branch, intelligence community, defense agencies, and numerous executive branch civilian agencies, trust AttackIQ’s platform to validate their security continuously and achieve a threat-informed defense at scale.
AttackIQ’s Assess Only ATO designation will enable organizations across DoD, as well as other federal agencies, to apply for reciprocity via the Enterprise Mission Assurance Support Service (eMASS) system, an internal government system that documents all security checks and authorizations. This allows them to integrate AttackIQ’s technology within their production environment without requiring a new ATO. The purpose of reciprocity is to decrease time and resource expenses associated with additional testing, assessments, and paperwork to enable other federal agencies expedited access to valuable infrastructure technologies.
“This ATO is a testament to AttackIQ’s ability to deliver the technology and knowledge our nation’s most critical organizations need to stay ahead of today’s rapidly evolving threat landscape,” said Stacey Meyer, Vice President of Federal Operations, AttackIQ. “AttackIQ has a strong partnership with the U.S. Army, and it has been a privilege to assist them with developing and deploying their Threat Emulation Program. We look forward to replicating this joint accomplishment across other federal agencies to strengthen their mission-critical assets.”
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free award-winning AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat-Informed Defense. For more information, visit www.attackiq.com. Follow AttackIQ on Twitter, Facebook, LinkedIn, and YouTube.