MITRE has released its response to a request for information issued by the Federal Risk and Authorization Management Program regarding a set of metrics meant to measure the end-to-end FedRAMP authorization experience.
Public input had been sought for those metrics with the aim of focusing and refining them, MITRE said Tuesday.
Input was solicited from a variety of stakeholders, including cloud service providers and third-party assessment organizations. Responses were to be submitted no later than Aug. 29.
For its part, MITRE recommended that the metrics be expanded to enhance the effectiveness of FedRAMP beyond cost and timeliness to include the streamlining of compliance and the reduction of redundant assessments.
Concerning the latter, MITRE specifically proposed that FedRAMP processes and metrics be revised to bring about “reciprocity-at-scale,” a concept that calls for the reuse of assessment information across risk management frameworks and assessment and authorization processes.
MITRE believes that through reciprocity, the government would be able to deploy secure cloud services faster by being able to recognize certifications and authorizations across varying frameworks, while service providers would be able to expand their services into new markets while enjoying savings from not having to undergo multiple certifications.
MITRE’s other recommendations include those concerning continuous monitoring and support for the adoption of quantum resistant cryptography and zero trust.