UST · Unlimited SkiesTech LLC · RMF Series 0 · The Origin Story · ATO in 9 Months
The Program Manager Walks In: “We Got the DoD Contract. Now We Need the ATO.”
ClearPath Defense Solutions just won a $47M DoD contract. FISMA requires an ATO before a single byte of government data touches your system. You are the ISSO. Nine months. The clock starts now.
7 Scenes — The Complete RMF Origin Story
💥 Scene 1: The Contract
Tuesday morning. The all-hands is called. $47M DoD contract. FISMA requires ATO before go-live. Nine months. You are the ISSO — where do you start? Live dialogue. Think-First challenge: your 5 first actions as ISSO.

⚖️ Scene 2: The Law
FISMA 2014 vs FISMA 2022 — what changed. OMB Circular A-130. Executive Order 14028 — Zero Trust, SBOM, 72-hour incident reporting. Every law and executive order ClearPath must follow — explained in plain English.

🗺️ Scene 3: The RMF
All 7 steps — Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor. Why the order is mandatory. ClearPath’s complete timeline mapped to each step. Every NIST document at every step.

👥 Scene 4: The Team
ISSO, ISSM, AO, SCA, System Owner, AO Rep — every role defined with specific responsibilities. Why SCA independence is mandatory. Who gets interviewed by the AO. What the CEO must be able to answer.

📅 Scene 5: The Plan
The complete 9-month ATO project plan. Month by month, week by week. Why Implement (Step 4) takes 3 months. Why the POA&M remediation phase is always underestimated. What cannot be rushed.

📄 Scene 6: The Documents
Every document ClearPath must produce — SSP, POA&M, SAP, SAR, ATO Letter, ISCM Strategy. What goes in each. The complete ATO package contents. Reference numbers and expected lengths.

🎯 Scene 7: Quiz
7 questions — FISMA requirements, SP 800-37 Rev 2, RMF step order, ATO signing authority, SCA independence, POA&M definition, post-ATO monitoring. Instant feedback with explanation.