Authorization to Operate


Female scientist looks at camera in front of microscope

What are ATO Services?

Information systems with sensitive data may need to comply with the Federal Information Security Management Act (FISMA for on-premise systems) and/or the Federal Risk and Authorization Management Program Reform Act (FedRAMP for systems whose data is stored in the cloud). If your research processes or stores federal data, these Federal standards are required. You must receive an “Authorization to Operate” (ATO) from the government.

HJF has ATO experts to guide you through the complex process, resulting in an authorization package ready to submit to the DoD Authorization Agent.

Determine Your Need for an ATO

HJF will help determine whether or not you need an ATO based on the data you are working with. We also carefully examine security requirements for your research from the original statement of work on your federally funded agreement/contract.

Need to learn more? Contact HJF's IT Services team. 

What HJF Offers

HJF provides a dedicated project manager for the duration of your project that will:

  • Help select security controls based on system categorization
  • Work with Global Information Security and IT resources to implement the required security controls and assist with control evidence preparation
  • Coordinate resources to document the information systems environment
  • Guide you through Independent Verification and Validation or 3PAO assessment
  • Assist in the creation of the ATO package submission

Why Work With HJF?

Customers such as the Uniformed Services University of Health Sciences and the National Institutes of Health rely on HJF’s ATO Services.

  • Save Time. The assessment process can be taxing on your time, not to mention resource intensive. HJF can facilitate an accelerated path to an ATO in as little as 60 days.
  • Evaluate Your System. HJF provides a completely neutral assessment and review of your system.
  • Simplify the Process. HJF guides you through the often complex requirements to become ATO compliant. 
  • Learn and Validate. Information owners can leverage HJF's industry knowledge and best practices to strengthen the capabilities.
  • Monitor. HJF provides a project plan and regular milestone checks to ensure your system remains compliant.
Computer and stethoscope

Contact Us for Pricing

HJF’s Product Advisory Board (PAB) provides pricing information on annual costs for FedRAMP and NIST 800-171, the Cloud Service Provider, security services and HJF services.

Contact HJF PAB at for a pricing guide and any additional information.

Cost will vary depending on the size and complexity of the environment.