RegScale Acquires GovReady to Deliver Leading NIST OSCAL-Enabled GRC Platform

News provided by

Nov 29, 2022, 09:00 ET

Founder and former FCC Chief Data Officer Greg Elin joins as RegScale's OSCAL and Compliance-as-Code evangelist

TYSONS CORNER, Va., Nov. 29, 2022 /PRNewswire/ -- RegScale, a next-generation Governance Risk and Compliance (GRC) software company, today announced that it has acquired GovReady, an open-source Compliance-as-Code platform. GovReady's vision around a Compliance-as-Code, questionnaire-driven approach to generate System Security Plans (SSPs) coupled with RegScale's expert-driven API-centric approach positions RegScale as the market-leading NIST OSCAL-enabled, next-generation GRC platform.

"Since inception, RegScale has been dedicated to helping organizations mitigate risk and regain control through our real-time GRC platform," stated Anil Karmel, Co-founder and Chief Executive Officer of RegScale. "This acquisition furthers our commitment to bring compliance into the modern era, enabling organizations to move compliance from a point in time to a continuous, near real-time experience. We are thrilled to have Greg and his team join RegScale. His expertise in both compliance and government will be key in accelerating our mission of simplifying and automating regulatory compliance."

Developed by NIST, OSCAL is a set of formats expressed in XML, JSON, and YAML that provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. As early adopters and advocates, both RegScale and GovReady embraced OSCAL as a standards-based foundation for developing its technology. With today's news, organizations regardless of size can embrace Compliance-as-Code and realize the benefits of OSCAL.

GovReady CEO Elin will join RegScale's R&D team as its OSCAL leader and Compliance-as-Code evangelist along with other members of the GovReady team. Elin is a pioneer of the Compliance-as-Code movement as an active contributor to the OpenControl community and the NIST OSCAL community and leader of workshops. Before founding GovReady, Elin was the first Chief Data Officer at the Federal Communication Commission, where he also briefly served as acting CIO. Before the FCC, he created Sunlight Foundation's Sunlight Labs as a pioneering technical organization in open government data. He will work alongside RegScale's Knoxville-based R&D team as its' Principal OSCAL Engineer.

"In conversations with RegScale, it became increasingly clear that we share a common goal: make compliance easier and available to all organizations," stated Elin. "After spending the years of my career in government data helping companies remove compliance and Authority to Operate bottlenecks (ATO), I'm excited to join RegScale to continue transforming security compliance into a collaborative, automated practice aligned with modern software development. I look forward to what we can achieve together, bringing Compliance-as-Code to organizations around the world."

In August 2022, RegScale announced the completion of a $20 million Series A funding round. This funding round was led by SYN Ventures with participation from SineWave Ventures, VIPC's Virginia Venture Partners, SecureOctane, and several strategic investors. RegScale has also recently announced the appointment of cybersecurity industry veteran and diversity, equity and inclusion thought leader Larry Whiteside, Jr., to Chief Information Security Officer (CISO) and Eric Erston, a GRC veteran with over two decades of sales and leadership experience to Chief Revenue Officer.

About GovReady

GovReady provides self-service cyber assessments for faster, more agile compliance. Create user-friendly, web-based self-service compliance experiences with reusable, machine-readable "compliance apps" that map system components and organizational processes to security controls. Developed by data experts to accelerate system authorization, our software is open source and integrates with DevOps.

About RegScale

RegScale frees organizations from (digital) paper via its continuous compliance automation software. Our API-centric software platform integrates with your existing security and compliance platforms to dynamically manage the security control state, shifting compliance left to deliver audit-ready documentation on demand in the world's first real-time Governance, Risk, and Compliance platform. Heavily Regulated Organizations such as the U.S. Navy, Department of Energy, and Fortune 500 Financial Institutions use RegScale to start and stay compliant with their ongoing regulatory obligations. For more information, visit https://www.regscale.com/.

SOURCE RegScale