Pages Security and Compliance
Pages security and compliance documentation
The Federalist Authority to Operate (ATO) expired on February 28, 2024. All Federalist sites, including non-GSA websites, have transitioned from the Federalist ATO to the cloud.gov Pages security boundary. Sites will remain active under an agreement while the site owner compiles the Authority to Use (ATU) documentation.
What is an Authority to Use (ATU)?
An ATU defines the process for documenting, reviewing, and approving the security and compliance status of sites requesting onboarding to the cloud.gov Pages platform. The ATU package is a consolidated document containing detailed security and compliance information for government low-impact information resources.
Cloud.gov Pages ATU
The Pages team has created an ATU process and established a partnership with the Technology Transformation Services Center of Excellence (CoE) to assist non-GSA agencies in navigating and gathering ATU documentation. The process includes the following templates and documents which are available upon request via this email: Pages Support.
- Templates
- Authority to Use main template
- Privacy Threshold Analysis (PTA)
- Contingency Plan (CP)
- Configuration Management Plan (CMP)
- Incident Response Plan (IRP)
- Control guide for non-GSA websites
- Authority to Use letter [This is a SAMPLE ONLY]
- ATU checklist
- Pages CIS/CRM
- Agency-specific requirements
- ATU process flow
Benefits of using the Pages ATU package
By leveraging cloud.gov Pages, government agencies benefit from a highly secure and compliant website hosting solution. The platform’s adherence to federal security standards and its robust security features, high availability, centralized security management, and support from security experts and engineers make it an ideal choice for hosting government websites. The cloud.gov Pages ATU provides:
- Streamlined compliance: Simplifies the compliance process for non-GSA agencies.
- Consolidated documentation: Provides all necessary security and compliance details in one place.
- Expert assistance: Partnership with CoE ensures expert guidance throughout the ATU process.
- Ongoing support: Continuous support from the cloud.gov Pages team to maintain compliance.
This focus on security and compliance helps agencies protect their data, meet regulatory requirements, and ensure the integrity and availability of their digital services.
ATU process flow
The ATU process flow is determined by if you would like guided ATU support or would like to self-complete the ATU process.
The process is outlined below. Here is where you can see a chart illustrating the process: Authority to Use - Process Flow.pptx
Both the guided ATU support process and the ATU self-completion process begin with initiating a request for service to the Cloud.gov Pages team.
Guided ATU support process
If you opt for guided ATU support, your request will be directed to the Centers of Excellence (CoE). The CoE will review the initial request and consult the Pages team to ensure the request aligns with ATU requirements.
Once ATU requirement alignment has been determined, you will complete the required documentation under CoE guidance. Cg-Pages DevOps will engage with you to onboard you to the Pages application. The CoE team, along with cg-Pages Compliance, will conduct a final review of your documentation.
If the documentation meets your agency’s requirements (agency ISSO/ISSM or FedRAMP), the site owner will sign the ATU document and ATU letter ISSO/ISSM and move the ATU letter forward to obtain the rest of the signature requests.
Prior to operational deployment, all websites must receive written authorization through the ATU process.
Once written authorization is received, the Cg-Pages DevOps team will collaborate with you to deploy the live site.
ATU self-completion process
If you are opting to self-complete the ATU process, you may leverage either the non-GSA ATU process (without the assistance of the CoE team, as outlined above) or follow your agency-specific ATO/ATU process.
Prior to operational deployment, all websites must receive written authorization through the ATU process.
Cloud.gov Pages contact information
Need help with an existing Pages account? Contact the support team at pages-support@cloud.gov.
Interested in getting started with Pages? Contact the business team at inquiries@cloud.gov.