14. Embed technical assessors into the SDLC at a reasonable ratio

Don’t just hire independent technical assessors, embed them into the SDLC process. In our experience, assigning 1 assessor per 4 application development teams has been a successful ratio to start with. It supports limited context switching, as well as flexibility for product portfolio situations. As we discussed throughout our recommended approaches, assessors can be integrated into every RMF step, which builds greater trust among teams and agility for your cATO. This also means they should be connected into the software release process, and continuous monitoring operations.