RAISE 2.0 Command Center

ATO & RPOC Submission Package

Everything you need to get your DSOP authorized and designated as a RAISE Platform of Choice. Start with the workflow below, use the interactive tools, and track your progress.

30+ Total Documents · 10 Interactive Tools · ~325 NIST Controls · 8 RAISE Gates · 6 Human Actions

📦 Export ATO Package

Generate a print-ready PDF of your entire submission package, or export individual documents.

Submission Workflow
1. Build Platform: DSOP ready
2. 8 Security Gates: All implemented
3. Write Documents: 30+ docs ready
4. Fill & Sign: Org details + sigs
5. eMASS + DITPR: System registration
6. TA Certification: CI/CD tools review
7. SCA Assessment: Independent review
8. AO Signs ATO: Authorization
9. RPOC Designation: Apps can deploy

⚠ Actions That Require a Human

Interactive Tools
System Security Plan (SSP)
Core ATO
Interactive SSP with all ~325 NIST 800-53 Moderate controls. Pre-filled implementation descriptions, editable personnel fields, progress dashboard. Export for eMASS upload.
20 families · ~325 controls · Editable · JSON export
Plan of Action & Milestones (POA&M)
Core ATO
Track all findings and remediation milestones. 15 pre-populated items from self-assessment. Add/edit findings, sort by severity, export CSV/JSON for eMASS.
15 findings · Severity tracking · CSV export · Timeline view
Security Assessment Report (SAR)
Core ATO · DRAFT
DRAFT SAR pre-filled with self-assessment data. Must be validated by independent SCA. ~280 Satisfied, ~30 Other Than Satisfied, 15 findings mapped to POA&M.
DRAFT · SCA required · 15 findings · Printable
RAISE 2.0 Walkthrough Guide
Interactive
Step-by-step guide through the entire DSOP to RPOC journey. 10 phases with checklists, tips, and warnings. Start here if you're new to RAISE.
10 phases · Checkboxes · localStorage · Shareable
RAISE Requirements Tracker
Interactive
Track all 51 RAISE 2.0 requirements: 24 RPOC requirements, 8 security gates, 19 application owner requirements.
24 RPOC reqs · 8 Gates · 19 App Owner reqs · Filters
ATO Controls Tracker
Interactive
All ~252 NIST 800-53 Rev 5 Moderate baseline controls with pre-filled status. Edit descriptions, responsible party, evidence. Export JSON for eMASS.
20 families · ~252 controls · Editable · JSON export
Pipeline Dashboard
Interactive
Visual CI/CD security gate pipeline. Click gates for details, view scan output, findings, signatures, SBOM. Simulate a full pipeline run.
8 RAISE gates · 4 scenarios · Simulation · Drill-down
eMASS Registration Guide
Interactive
Interactive walkthrough for eMASS registration. Pre-filled fields with copy buttons, RMF step timeline, checklist with progress tracking.
7 RMF steps · Copy-paste fields · 25+ references
CI/CD Tools Certification
Interactive + Print
TA submission package with visual pipeline flow, editable org fields, evidence checklist. Print stylesheet formats it as a formal memo.
RAISE Appendix D · Editable · Printable · Evidence checklist
Penetration Test Report
Automated + Interactive
Automated security assessment results: API server, network, pod security, secrets, supply chain, auth, crypto, and monitoring. Import scan JSON or paste results.
8 categories · NIST CA-8 · JSON import · PDF export
Automated Security Scans
Penetration Test Scanner
Script
Automated pen test: API auth, RBAC, network segmentation, pod security, secrets, supply chain, identity, and crypto. Run against live cluster.
scripts/security-pentest.sh · --json for report
./scripts/security-pentest.sh --json > pentest.json
Quarterly STIG Scan
Script
DISA STIG compliance scan: CIS Kubernetes Benchmark (kube-bench), Istio STIG, Rocky Linux 9 STIG, container image vulnerabilities (Trivy).
scripts/quarterly-stig-scan.sh · QREV-6
./scripts/quarterly-stig-scan.sh --json > stig.json
Compliance Report
Script
NIST 800-53 compliance check against live cluster. Verifies 34+ controls across 10 families with evidence collection.
scripts/compliance-report.sh · 34+ NIST controls
./scripts/compliance-report.sh --json > compliance.json
ATO Package Documents

Core Documents (The "Big Three")

System Security Plan (SSP)
Interactive HTML + eMASS export
Security Assessment Report (SAR)
DRAFT — SCA must validate
Plan of Action & Milestones (POA&M)
15 findings, CSV/JSON export

Supporting Documents

Risk Assessment Report (RAR)
18 risks, NIST 800-30
Authorization Boundary
Diagrams, data flows, PPSM
Security Categorization
FIPS 199 M-M-M
Incident Response Plan
5 playbooks, NIST 800-61
Contingency Plan
RTO 4h, RPO 1h, NIST 800-34
Configuration Management Plan
GitOps CM, NIST 800-128
Continuous Monitoring Plan
ISCM, NIST 800-137
Privacy Impact Assessment
QREV-3 — platform-level PIA
Rules of Behavior
User acknowledgment form
Hardware/Software Inventory
QREV-1 — all 16 components with versions

RAISE 2.0 RPOC Documents

CI/CD Tools Certification
Formal TA memo — interactive + printable
Service Level Agreement Template
One per tenant app
eMASS Registration Guide
Interactive walkthrough with pre-filled fields
RAISE Compliance Overview
Directory overview and process map

Quarterly Review Templates (QREV 1-7)

QREV-1: Security Plan
Software list, CI/CD tools, PPSM
QREV-2: Security Assessment Plan
Assessment scope and schedule
QREV-3: Privacy Impact Assessment
Platform-level PIA
QREV-4: POA&M Summary
Quarterly findings summary
QREV-5: Application Report
App onboarding/offboarding
QREV-6: Vulnerability Report
Consolidated vuln report
QREV-7: Deployment Artifacts
Per-app artifact checklist

App Owner Package (Templates for Tenants)

Vulnerability Management Plan
Template for app owners
Mitigation Statement Template
For findings that need exceptions
App STIG Checklist
34-item checklist, 7 categories
Changelog Template
Release history tracking
Application Architecture Template
Component and data flow diagram