Re: Good suggestion
I think the biggest hurdle will be getting the security and operations teams to work together. In most cases, I've seen the animosity between the two departments be a driving factor behind why the approval process is 6-12 months. Operations folks are seen by the Security folks as a team that wants to be the great creators, but have little respect for the security controls required to protect the assets. When Security returns the project to them to say "Hey, it's good, but X, Y, and Z need to be fixed to meet requirements A, B, and C," the operations folks are rarely understanding. From an Operations perspective, Security folks are seen as the police force who are hell-bent on making their lives difficult by making the requirements so specific that any meetings between the two teams result in bashing of heads on desks out of frustration.
So putting these folks on the same team, while absolutely necessary and viable, could be hard, especially with folks who have been around for long periods of time and have the mentality of "This is how we've always done things." The leading DevOps companies are all newer companies (compared to old Federal agencies), so they tend to have more forward-thinking employees who are open to new ways of doing things. That is the real change you need to see in FedRAMP to make it successful.