ATO / cATO Status — (REPLACE) DSOP Reference System ((REPLACE) DSOPREF)
Last refreshed: 2026-05-30T09:28:06Z. · Authorization: (REPLACE) Not yet authorized — in development; see the ATO milestone issues ((REPLACE) ATO | continuous ATO (cATO) | RAISE 2.0 incorporation into an RPOC's ATO)
🔗 AO dashboard: https://morbidsteve.github.io/dsop/
Controls
- 0 Compliant · 0 Non-Compliant · 49 Not Reviewed · 0 Not Applicable (of 49)
- Automated assessment coverage: 0.0%; compliant-of-assessed: 0.0%
Findings (open, all gates)
- 🔴 Critical: 0 · 🟠 High: 0 · 🟡 Medium: 0 · 🔵 Low: 0 · ℹ️ Info: 0
- Pipeline gates executed: (none recorded)
POA&M
- 0 open items — 0 overdue, 0 out-of-RAISE-scope. By CAT: {'I': 0, 'II': 0, 'III': 0}
RAISE 2.0 Security Gates
- Gate 1 — SAST (custom source code): ⚠️ not executed this run (via sast)
- Gate 2 — Dependency list / SBOM: ⚠️ not executed this run (via sbom + sca + license)
- Gate 3 — Secrets / keys detection: ⚠️ not executed this run (via secrets)
- Gate 4 — Container security scanning: ⚠️ not executed this run (via container)
- Gate 5 — DAST: ⚠️ not executed this run (via dast)
- Gate 6 — RPOC ISSM review step: ✅ executed (via review (CODEOWNERS + ATO Status issue + dashboard))
- Gate 7 — Sign the release container image: ⚠️ not executed this run (via container (cosign/Sigstore + SLSA provenance))
- Gate 8 — Store the release image in an artifact repository: ⚠️ not executed this run (via container (push to GHCR))
Continuous-monitoring trend (recent)
(no snapshots yet — run the pipeline)
- 📦 The eMASS submission package is published as a GitHub Release asset on each version tag (
emass-package.zip), and as a workflow artifact (body-of-evidence / emass-package) on every run.
- 📖 See
docs/ao-quickstart.md for how to read this, and compliance/crosswalks/ for the RMF / cATO / RAISE 2.0 / SSDF / eMASS mappings.
- ⚠️ Test results are an automated first pass; the SCA makes the final determination and signs the SAR. Confirm all mappings against the controlling documents (
compliance/references.md).
ATO / cATO Status — (REPLACE) DSOP Reference System ((REPLACE) DSOPREF)
Last refreshed: 2026-05-30T09:28:06Z. · Authorization: (REPLACE) Not yet authorized — in development; see the ATO milestone issues ((REPLACE) ATO | continuous ATO (cATO) | RAISE 2.0 incorporation into an RPOC's ATO)
🔗 AO dashboard: https://morbidsteve.github.io/dsop/
Controls
Findings (open, all gates)
POA&M
RAISE 2.0 Security Gates
Continuous-monitoring trend (recent)
(no snapshots yet — run the pipeline)
emass-package.zip), and as a workflow artifact (body-of-evidence/emass-package) on every run.docs/ao-quickstart.mdfor how to read this, andcompliance/crosswalks/for the RMF / cATO / RAISE 2.0 / SSDF / eMASS mappings.compliance/references.md).