CSAT Sensitive But Unclassified System Secured Authority to Operate

The Oak Ridge National Laboratory Center for Infrastructure Security Analysis (CISA) secured a three-year Authority to Operate (ATO) certification for the Chemical Security Assessment Tool (CSAT) on-premises  Sensitive But Unclassified (SBU) system from CISA sponsor, U.S. Department of Homeland Security (DHS). The new ATO will remain valid through July 2023. The DHS ATO certifies compliance with Federal Information Security Management Act, National Institute of Standards and Technology, Office of Management and Budget, and other federal laws, directives, and policies.

For the past year, the CISA team worked actively to ensure system compliance through meticulous system documentation (including plans, policies, procedures, network drawings), hardware and software system upgrades, milestone completion, licensing acquisition, continuing maintenance and management, verification and articulation (via implementation of security measures) of 404 security controls, and coordination with DHS. Primary team members for the certification were Ethan Cantrell, Kevin Rasch, Todd Thomas, Brad Nance, Adam Bengston, and Kellen O’Connor from the Computer Science and Mathematics Division and Andrew Kerr, Jim Simmons, Anthony Seay, Steve Ping, and Micah Church from the Information Technology Services Division. The CSAT is a critical element in the DHS effort to ensure security at the Nation’s chemical facilities. The CSAT has more than 24,000 active users and more than 3,300 regulated chemical facilities.