The US Army has granted a three-year Assess Only Authority to Operate (ATO) designation to AttackIQ, a breach and attack simulation (BAS) systems provider.    

This designation will enable the company to introduce its security optimisation platform in the military branch.

Based on a multi-phase process that began in 2021, AttackIQ’s ATO received a Moderate/Moderate/Low classification.

The process included several evaluations and security assessments.

In this regard, AttackIQ partnered with KAIROS, a cybersecurity analysis and implementation provider for commercial and Department of Defense (DoD) needs.

AttackIQ is the first BAS platform to receive the ATO tag.

As part of the designation, the company will deploy its security optimisation platform to help the US Army develop a proactive defence posture across their key assets.

In turn, this will support warfighters deployed across the globe.

AttackIQ’s platform will help the Army achieve a threat-informed defence at scale by providing tools to strengthen cybersecurity controls.

In addition, the ATO designation will allow DoD entities and other government agencies to apply for reciprocity through Enterprise Mission Assurance Support Service (eMASS).

An internal government system, the eMASS documents security checks and authorisations.

This will enable the agencies access vital infrastructure technologies in a reduced time and with less resource expenses.  

US Army lieutenant colonel Dakota R Steedsman said: “With the Assess Only ATO accreditation, AttackIQ will allow the US Army to deploy a threat emulation capability across various production networks in support of critical mission objectives.

“The AttackIQ platform’s continuous security control validation gives our security teams real-time, data-driven visibility into whether their controls are working as intended, enabling uninterrupted verification of programme health at scale and in an automated fashion.”