Authority to Operate
The formal decision by a senior official that a federal information system's risk is acceptable and it may go into operation, granted at the end of the NIST Risk Management Framework process. Without an ATO, a system cannot legally run in a federal environment. Watch out: in fraud and identity contexts the same acronym means account takeover, so context determines which ATO is meant.