r/NISTControls Feb 01 '24

Continuous ATO!!

Pardon the rant, but I am a DoD Contractor and I have to put up with new business goons who insist on using only the best buzzwords.

Our new business boys want me to integrate Continuous ATO into every proposal I participate in. Our work is almost exclusively hardware modernization and integration. No software development.

There are tons of YouTube videos and blog posts on cATO, but I have yet to see one that doesn't have to do with software development. The idea is that you program automated control checks and reporting into your software, so the system is in a continuous state of monitoring, alleviating the need for a formal RMF cycle. That's cool, but I get the enduring vibe that these goons just heard something shiny and don't understand it.

Anyone work with a Continuous ATO scheme on strictly hardware refreshes? Am I completely off base?

6 Upvotes


3

u/SageMaverick Feb 01 '24

Just tell them that you need them to build you CI/CD pipelines so that you can integrate cATO. Fight stupid with stupid.