The Federal Risk and Authorization Management Program has started seeking public comments on a proposed set of key performance metrics designed to measure the end-to-end FedRAMP authorization experience and align with its mission of being a security-first program.
FedRAMP said Tuesday it is asking cloud service providers, third-party assessment organizations and other stakeholders to state the most important metrics for assessing the effectiveness and efficiency of the program’s process.
The program also wants to know the types of information that would help manage expectations and improve the customer experience during the FedRAMP authorization process and what role FedRAMP could play in helping define success regarding timeliness and cost effectiveness of the authorization process where the program is not involved in every phase of the process.
With the program’s evolving landscape, FedRAMP intends to reassess metrics each year to facilitate updates and use the Government Risk and Compliance platform buildout to inform future metrics.
Comments on the proposed metrics are due Aug. 29.
In late March, FedRAMP launched a new roadmap outlining its four strategic goals, including orienting around the customer experience and positioning the program as a leader in cybersecurity and risk management.