The IT Law Wiki


An agreement to operate (ATO) is

[a]n agreement, executed by the PCII Program Manager (PM) and a senior official within an entity receiving PCII, enumerating the obligations of both the PCII Program Office and the recipient entity with respect to the receipt, validation, safeguarding, and dissemination of submitted critical infrastructure information and validated PCII in the entity’s possession. The ATO is program specific within a Federal accredited entity that has a categorical inclusion program, or within a State or local entity that has a PCII repository.[1]