Help Desk: (814)865-HELP security@psu.edu

ATO Quick Start

A high-level roadmap to achieving ATO compliance, with links to commonly used resources

View the Quick Start Guide

ATO Requirements by Phase

Phase 1
  • Create an ATO ticket
  • Establish next-generation endpoint protection (Cylance)
  • Begin security log collection, analysis and retention (Splunk)
  • Ensure vulnerability detection (Nessus)
  • Implement best practice items from Standards – User access, authentication, and authorization
  • Implement best practice items from Standards – Enable host-based firewalls
  • Generate all required system documentation
Phase 2
  • Encrypt data in transit
  • Secure endpoint access
  • Integrate with Penn State’s Enterprise Firewall
Phase 3
  • Complete security awareness training
  • Implement physical security
  • Use Enterprise Active Directory
  • Ensure full network segmentation
  • Restrict data transfer
  • Fully integrate CyberArk, including administrative account password management, one-time passwords, and password rotations