Denial of Authority to Operate (DATO)

A Denial of Authority to Operate (DATO) is the formal decision by an Authorizing Official that a system's security risks are too high to allow it to operate. A DATO means the system must be shut down or disconnected until the identified security issues are resolved.

DATOs are serious — they indicate fundamental security failures that cannot be accepted or mitigated at the current time. A system under DATO cannot process data or connect to networks until the issues are remediated and the system is reassessed.

Why It Matters

A DATO on a system you operate or maintain means immediate operational disruption. Understanding what triggers a DATO helps you prioritize the security controls that Authorizing Officials consider most critical.

Related Resources

NIST 800-53: AC-3(3)
NIST 800-53: AC-3(15)