ATAC COMPLIANCE
automated compliance controls
Ops Console · Account
Every connected account in one view — connector health, posture, and open work. Click any row to drill in. Auto-refreshes every 60s.
Customers
Avg Health
Critical POA&Ms
Connector Issues
Expiring < 30d
Artifacts & inheritances
ATO-M MTD
Account AI spend
Tenants · Connected Accounts
Accounts feeding this dashboard. Switch which tenant you’re viewing via the chip in the topnav.
Support
Bug reports, feature requests, access issues, compliance questions. Replies post here as a thread.
Documentation
ATAC Compliance v1.0 user documentation. PDFs are signed, audit-trail-friendly artefacts. Bookmark or download any of them.
Evidence Intake
Drop up to 25 files at once · PDF / DOCX / TXT / images
Drop files here or click to browse
ATAC reads each file, suggests which NIST 800-53 controls it covers, scores its quality, and registers it as evidence.
Tip: a one-line header on each doc — e.g. "Controls covered: AC-1, AC-2, AC-2(01)" — gets confidence ≥ 0.85 and one-click commit. Without it, ATAC infers from content (still works, lower confidence).
Per-control automated checks · click any card to drill into evidence and remediation
Click Run Scan to check this cloud account against your compliance controls.
ATO Readiness · — / 100 · 30-day
ATO Summary
AI-generated · auto-refreshes on next scan
FedRAMP Low · — / 141 covered
FedRAMP Moderate · — / 299 covered
FedRAMP High · — / 388 covered
Controls
Findings
POA&Ms
Needs your attention now
Framework Catalog · toggle on/off
Generate Reports
Print-ready PDFs · spreadsheet exports · pick one to build
Plan of Action & Milestones
Auto-generated from latest scan · sorted by ETA · click any row to expand
Total open
Past ETA
Auto-generated
| Control | Title | Risk | Status | ETA | Days |
|---|---|---|---|---|---|
| Run a scan to populate the POA&M. | | | | | |
ATO Package — OSCAL 1.1.2 Evidence
Machine-readable compliance artifacts for your annual ATO recertification
Catalog Coverage
Recommended
Complete ATO Bundle
All three OSCAL artifacts (SSP + SAR + POA&M) plus coverage metadata in one JSON file. This is what you hand to your assessor.
SSP
System Security Plan — how each control is implemented. Edit parties/roles metadata post-generation.
SAR
Security Assessment Results — latest scan outcomes as OSCAL findings & observations. Annual assessment evidence.
POA&M
Plan of Action & Milestones — open findings with risk level and estimated remediation dates.
Validate Before Submission
Runs an inline structural validator over SSP/SAR/POA&M: UUIDs, enum values, cross-references. Catches most schema issues before your assessor sees them.
SSP as Document (HTML)
Human-readable SSP formatted as a standard ATO document. Opens in Word (saves as .docx), prints cleanly to PDF, viewable in any browser.
POA&M as Document (HTML)
Human-readable POA&M with risk-prioritized open items, summary statistics, and remediation schedule rationale.
Before submitting: OSCAL output contains placeholder values for System Owner, ISSO, Authorizing Official, and Organization metadata. Edit those fields in the downloaded JSON before handing to your assessor. Also complete manual-evidence controls (AC-8, CA-8, CM-7(2), CP-2, RA-5(11), SR-8, SR-11(1), SR-12) with policy and procedure documentation attached separately.