If I am a vendor that will build an application, can I leverage the MOTAR ATO?
Is the MOTAR PPSM available so vendors can determine what ports, protocols, and services are available for applications they want to include within the MOTAR authorization boundary?
If my application resides within MOTAR, am I responsible to have a security incident and event management (SIEM) solution? Do I have any responsibilities from an incident response perspective?
Will MOTAR require the application source code so it can be run through the MOTAR software factory prior to including it in the MOTAR authorization boundary? What if I am not comfortable providing the source code?
What is the process for applications to obtain an ATO for use within MOTAR?
Do I need to purchase scanning licenses for my application?
Will app developers require an IAT Level II security certification to obtain privileged access to complete their duties?