EmeSec CEO Maria Horton has said the Federal Risk and Authorization Management Program‘s plans to revamp its accreditation process could shorten the approval timelines for cloud service providers and require additional costs.
In a guest piece published Wednesday by MeriTalk, Horton wrote the proposed changes could help CSPs gain an authority to operate within three to six months.
Horton added the planned “readiness capabilities assessment” feature could give the FedRAMP Program Management Office a retrospective look into CSPs’ performance as well as help CSPs identify measures to promote their offerings.
She also said the proposed process could also add costs and risks for CSPs since third party assessment organizations will conduct the initial system evaluation.
The provisional ATO path is less likely to be used if the changes are implemented since the process looks to limit CSPs that could go through FedRAMP Accelerated or gain P-ATOs, Horton noted.