EGlobalTech’s RPA Bot: Automatic SSP Validation for ATOs
Robotic Process Automation (RPA) can revolutionize the way organizations function, enabling employees to focus on complex problems while RPA bots fully automate tasks like data entry, document reviews, and screen scraping. By automating tasks that don’t require human decision-making or interference, RPA saves organizations time and money.
While many processes would benefit from RPA, this use case will focus on the Authority to Operate (ATO) document review for System Security Plans (SSPs). This process is a great candidate for RPA because its underlying business process is well-defined, the document review steps are repeatable and consistent, the reviews are time-intensive, and the data validation steps do not require human decision-making.
What is an Authority to Operate (ATO)?
An ATO grants a system the ability to operate in production environments on a federal agency’s infrastructure. For a project to acquire an ATO, multiple security documents need to be thoroughly completed and reviewed, including the System Security Plan (SSP), which documents key attributes of a system’s security posture. SSPs are reviewed to ensure system information is accurate, security levels are correct, and access controls are correctly implemented. It typically takes Information System Security Officers (ISSOs) two days to review and validate an SSP and review findings need to be remediated and triaged, which results in the ATO process taking months.
EGlobalTech’s Bot: Automate the SSP Review
To accelerate the review process and empower ISSOs to address system vulnerabilities quicker, we developed an RPA bot using the UiPath tool suite to validate and verify the completeness of an SSP, including system controls for a moderate-level system, the system details, security categorization, information types, security images, and access controls.
After the evaluation, our bot creates a scorecard and populates the results for ATO evaluators. Our bot completes the entire evaluation and scorecard in under four minutes without human intervention. It scans the SSP, highlights errors in various colors, and even writes detailed comments for ATO evaluators (e.g. “a required image is missing in this section”) – all without any intervention.
With the SSP review completely automated, an ISSO can refocus their time on the review findings and remediating any system vulnerabilities. The bot also accelerates the ATO process by reducing false starts in initial submissions. This use case can be expanded to other security documents within the ATO process, enabling the automated review of all ATO documents and shortening the time it takes for systems to achieve an ATO from months to days.
EGlobalTech and RPA
At EGlobalTech, we think about RPA at the enterprise level. We not only develop bots for our clients – we work with clients to identify opportunities for RPA though process and workflow evaluation, optimize existing workflows, lead bot deployments, and perform ROI evaluations. We also formed a strategic partnership with UiPath, a leading RPA software company that’s deploying bots at over 40 federal agencies. Would you like to see our bots in action or to start an initial workflow assessment? Contact us today.
Want to learn more about RPA? Our RPA Demystified Whitepaper defines RPA and provides use case examples.