Description Reduction of the number of IT security mitigations in the application's authorization to operate (ATO). Assumptions Each applications moved to EDC or Cloud will require a refresh of their ATO The destination architecture will support a more compliant architecture Metric Name: Increase security compliance Metric Formula: level of compliance in the ATO Baseline: No ATO or multiple mitigations Target: To be better defined ***