Why FISMA Compliance is Essential for Startups Working in Government


As the United States continues to explore the IoT frontier, it’s essential that agile technology startups collaborate with military organizations, because developing companies are often more agile, responsive, and cost-effective than legacy contractors such as Lockheed Martin Corporation, Raytheon Company, and Boeing Company.

However, unlike these cornerstone military contractors, startups often lack a team of experts that can ensure that they’re compliant with the Federal Information Security Management Act (FISMA). While essential, navigating FISMA is a tall order for young companies. Unfortunately, when companies are unable to maintain compliance, not only do they lose potential contracts that could create jobs, but the public sector also misses out on new, innovative, and potentially life-saving technologies.

It’s for this reason that GovReady, an “open source project for techies who aren’t FISMA experts,” exists. Their goal is to help startups remain compliant with FISMA and ensure the U.S. public sector continues to leverage the most innovative technologies our country has to offer. To further understand why it’s essential that startups ensure continued compliance and how collaboration between startups and military organizations can make a difference in our country, SimpleSense sat down with GovReady founder Greg Elin.

Why is it essential to ensure continuous compliance?

Continuous compliance is important because it allows an organization to constantly review their IT compliance posture, ensure they’re meeting regulatory demands, and maintain system security.

Why is it so critical to check for compliance in the development stage of software and hardware?

Historically, compliance for software and hardware products has been seen as a final step in the system development life cycle—a product is developed and the compliance is then dictated from the top down on an already completed product. Incorporating compliance earlier into the software development lifecycle (SDLC) highlights security as a continuous concern rather than a “checkbox” at the end of development. Moreover, it aids in the detection of flaws earlier in the development process and reduces re-development by identifying and fixing issues early.

What happens if a startup falls out of compliance?

Startups at the beginning of their business development often operate on narrow budget margins and tight time scales. Compliance discrepancies can delay software implementations for business and government clients, play a part in the competitive decision of contract awards, and demonstrate to customers that a startup is not thorough in their security practices.

Why is it important that startups and government organizations work together?

Startups can provide novel technologies and innovative approaches to government processes and problems. By their very nature, startups provide services or products that are inventive and new, which is in contrast to the standard operating procedure-driven operation of many government organizations. Government, conversely, can provide financial support and stability to startups, which allows for further development and customization to the services and products to better suit the startup’s needs.

How do you think government organizations working with startups such as SimpleSense will make a difference?

The primary reason for government organizations to partner with startups like SimpleSense is to improve the quality and efficacy of provided government services. Handovers of first responder data are costly, time-consuming, and can be delayed under certain circumstances.

Government organizations can leverage technology from SimpleSense to augment government capability and better responder outcomes. Ultimately, SimpleSense technology will save lives through its integration into multiple first responder government organizations.

How do you see the need for GovReady changing as the government-software ecosystem matures?

As software integrations into the government-software ecosystem mature, governance, risk management, and compliance (GRC) products and compliance service providers like GovReady will become increasingly important to continue the rate of software scaling in the public sphere.

The rate of compliance and authorizations as a process has not been able to keep up with the demand for new software integrations in the government. Therefore, GovReady provides a crucial service in facilitating compliance and eliminating the compliance bottleneck.

The government-software ecosystem is also maturing in the direction of expanding compliance automation and incorporating open-source software. GovReady as an open-source software developer and compliance automation service provider is well-positioned to meet the government at its next step of compliance maturity.

How SimpleSense Stays Consistent with Compliance

From the onset of creating our technology, we’ve been proactive and meticulous in our approach to our compliance with FISMA. A significant step in our ardent journey to compliance was teaming up with GovReady. With their assistance, we’re better positioned to continually develop life-saving solutions without the bottleneck of redeveloping software and hardware. If you’re interested in learning more about SimpleSense, reach out by visiting our contact page.