The process of approving IT systems for use within a federal organization is called Authority to Operate (ATO). Two significant challenges in this certification and accreditation process are the continual monitoring for deviations of the certified system (a.k.a. “drift”) and the ongoing ownership of security throughout the system’s ATO designation. Cloud native technologies like containers, coupled with methodologies like DevSecOps, have presented new ways to address those challenges. Prisma Cloud helps enable DevSecOps and containerized development, making it easier to achieve a continuous-ATO.