Cybersecurity FAQs

This section provides details on the Authorization to Operate (ATO) for MOTAR and how content activated on MOTAR can leverage the ATO.

Does MOTAR have an ATO?

MOTAR currently has an Authorization to Operate through AETC awarded on 25 January 2023. IL4 (Impact Level) authorization covers Controlled Unclassified Information (CUI), which may include data that is For Official Use Only (FOUO), Law Enforcement Sensitive (LES), or Sensitive security information. The MOTAR ATO ensures Personally Identifiable Information (PII) is protected with the Privacy Overlay included.

Additional Information regarding MOTAR ATO & Compliance can be found at the page linked below:

If I am a vendor that will build an application, can I leverage the MOTAR ATO?

Dynepic (MOTAR vendor) is complaint with CMMC 1.0 requirements and is currently evaluating CMMC 2.0 requirements.

The MOTAR Live (IL4) environment is aligned with DoD DevSecOps Reference Design and will include its own Software Factory for Continuous Integration/Continuous Deployment (CI/CD) implementation, continuous monitoring, and automation. For applications that can build out using Software Development Kits (SDKs) and tools within the MOTAR authorization boundary, these applications can reside within the MOTAR authorization boundary and not require their own ATO (aligned with the Platform One Certificate to Field model).

So long as the application is able to utilize MOTAR’s existing HW/SW List and Ports, Protocols, Service Management (PPSM), it would be a viable candidate to be within the MOTAR authorization boundary. We are currently reviewing all controls and assessment procedures to determine what controls the application can inherit from MOTAR and what would need to be completed by the application within their system security plan. This inheritance model and the security responsibilities of both MOTAR and the application will be spelled out in a Memorandum of Agreement (MoA) between MOTAR and the application. If however, the application requires HW/SW not already included within MOTAR or requires external communications not covered by the MOTAR PPSM, then the application will most likely need to obtain its own ATO.

Hint: The more your applications can utilize the MOTAR services (Authentication, data storage, LCMS, etc.), the easier it will be for your application to fall in our ATO boundary.

Additional Information regarding Vendor & Application Responsibilities can be found at the page linked below:

How do I authenticate to MOTAR?

You can authenticate using a username and password or CAC to the MOTAR platform. To login with your CAC within MOTAR, sign in with your CAC and it will direct you on how to associate it with your current MOTAR account or if you don't have an account, it will ask for you to request one.

Additional Information regarding MOTAR Access can be found at the page linked below:

Last updated