# Achieving Continuous Authority to Operate with Prisma Cloud

By [Paul Fox](https://www.paloaltonetworks.com/blog/author/paul-fox/?ts=markdown "Posts by Paul Fox"), Oct 22, 2020

Cloud native development presents not only new solutions for architectures, but also potential operational methodologies for infrastructure and operations (I&O) teams. Technology like microservices and containers combined with concepts such as DevSecOps (Development / Security / Operations) and 'shift left' security are all efforts to improve the delivery and security of your modernized applications and workloads.
They can also modernize how compliance and monitoring are performed by allowing organizations to achieve a Continuous Authority to Operate (C-ATO).

## What is C-ATO?

The process of approving IT systems for use within a federal organization is called Authority to Operate (ATO). In order to obtain an ATO designation, the system owner must implement, certify and maintain appropriate [security controls](https://www.paloaltonetworks.com/blog/2020/01/cloud-federal-data-protection/?ts=markdown). Two significant challenges in this process are the continual monitoring for deviations of the certified system (a.k.a. "drift") and the ongoing ownership of security throughout the system's ATO designation.

Cloud native technologies like [containers](https://www.paloaltonetworks.com/blog/2019/03/containers-fueling-move-devsecops/?ts=markdown) and microservices, and strategies like DevSecOps and shift-left security enable **continuous** monitoring and adherence to a system's approved security posture, hence the term C-ATO.

## How Prisma Cloud Helps Your Organization Achieve C-ATO

The underlying ATO methodology is based upon the [NIST Risk Management Framework](https://csrc.nist.gov/projects/risk-management/rmf-overview) (RMF). The six steps within this framework map closely to the microservice-based development phases of build, deploy and run, as seen in the image below.

![The six-step RMF aligned to the development lifecycle, of build, deploy and run.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/RMF_Build_Deploy_Run.png)

The six-step RMF aligned to the development lifecycle

Prisma Cloud is purpose-built for secure containerized development throughout the build, deploy and run [lifecycle](https://www.paloaltonetworks.com/blog/2020/05/cloud-secure-cloud-native-applications/?ts=markdown).
It allows teams to operationalize the RMF by helping create and enforce compliance policies while monitoring for vulnerabilities, entirely integrated with [DevSecOps principles](https://www.paloaltonetworks.com/blog/2020/05/cloud-devsecops/?ts=markdown).

Each step can be carefully monitored and controlled from the Prisma Cloud console:

* Define filters to create container Collections that fall under the same ATO, making it easy to see related resources and control access.
* Use tags to associate vulnerabilities found in a Collection with approved remediation milestones and mitigating controls.
* Automatically identify new threats across the lifecycle, effectively performing continual assessments.
* Shift security left into development by alerting on and/or failing builds that are non-compliant with ATO policies.
* Implement policies to block non-compliant images from instantiating as containers.

![Creating custom enforcement policies in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/ATO-Enforcement-Policies.png)

Creating custom enforcement policies in Prisma Cloud.

## What's next

The rapid adoption of microservices and containers proves that cloud native security is quickly becoming a standard requirement for organizations in the federal space. These concepts are being applied in other programs such as FedRAMP's vulnerability scanning [requirements](https://www.fedramp.gov/assets/resources/documents/DRAFT_FedRAMP_Vulnerbility_Scanning_Requirements_for_the_Development_and_Use_of_Containers.pdf) for the deployment and use of containers. Conversely, the RMF described here is not just applicable to the United States Department of Defense and federal agencies, but to public sector and commercial organizations worldwide.

Palo Alto Networks is committed to offering support for developing frameworks with products and services to address our customers' ever-changing security and compliance challenges.
The functionality presented here represents only our initial support for C-ATO, with more planned for the future.

## How to Begin Your C-ATO Process

Check out the data sheet that provides further detail as to how [Prisma Cloud can help your organization achieve continuous authority to operate](https://www.paloaltonetworks.com/resources/datasheets/continuous-authority-to-operate-using-prisma-cloud?ts=markdown). Or you can see all of the ways Palo Alto Networks supports [cybersecurity for federal governments](https://www.paloaltonetworks.com/security-for/government/federal-global?ts=markdown).