RegScale acquires GovReady to deliver NIST OSCAL-enabled GRC platform

Nov. 30, 2022
GovReady's compliance-as-code, questionnaire-driven approach to generate system security plans, coupled with RegScale's API-centric approach, positions RegScale as the market-leading NIST OSCAL-enabled, next-generation GRC platform.

RegScale, a next-generation governance risk and compliance (GRC) software company, today announced that it has acquired GovReady, an open-source Compliance-as-Code platform.

GovReady's vision around a Compliance-as-Code, questionnaire-driven approach to generate System Security Plans (SSPs) coupled with RegScale's expert-driven API-centric approach positions RegScale as the market-leading NIST OSCAL-enabled, next-generation GRC platform.

"Since inception, RegScale has been dedicated to helping organizations mitigate risk and regain control through our real-time GRC platform," stated Anil Karmel, Co-founder and Chief Executive Officer of RegScale. "This acquisition furthers our commitment to bring compliance into the modern era, enabling organizations to move compliance from a point in time to a continuous, near real-time experience. We are thrilled to have Greg and his team join RegScale. His expertise in both compliance and government will be key in accelerating our mission of simplifying and automating regulatory compliance."

Developed by NIST, OSCAL is a set of formats expressed in XML, JSON, and YAML that provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. As early adopters and advocates, both RegScale and GovReady embraced OSCAL as a standards-based foundation for developing its technology. With today's news, organizations regardless of size can embrace Compliance-as-Code and realize the benefits of OSCAL.

GovReady CEO Elin will join RegScale's R&D team as its OSCAL leader and Compliance-as-Code evangelist along with other members of the GovReady team. Elin is a pioneer of the Compliance-as-Code movement as an active contributor to the OpenControl community and the NIST OSCAL community and leader of workshops.

Before founding GovReady, Elin was the first Chief Data Officer at the Federal Communication Commission, where he also briefly served as acting CIO. Before the FCC, he created Sunlight Foundation's Sunlight Labs as a pioneering technical organization in open government data. He will work alongside RegScale's Knoxville-based R&D team as its' Principal OSCAL Engineer.

"In conversations with RegScale, it became increasingly clear that we share a common goal: make compliance easier and available to all organizations," stated Elin. "After spending the years of my career in government data helping companies remove compliance and Authority to Operate bottlenecks (ATO), I'm excited to join RegScale to continue transforming security compliance into a collaborative, automated practice aligned with modern software development. I look forward to what we can achieve together, bringing Compliance-as-Code to organizations around the world."

In August 2022, RegScale announced the completion of a $20 million Series A funding round. This funding round was led by SYN Ventures with participation from SineWave Ventures, VIPC's Virginia Venture Partners, SecureOctane, and several strategic investors. RegScale has also recently announced the appointment of cybersecurity industry veteran and diversity, equity and inclusion thought leader Larry Whiteside, Jr., to Chief Information Security Officer (CISO) and Eric Erston, a GRC veteran with over two decades of sales and leadership experience to Chief Revenue Officer.Â