RegScale Acquires GovReady to Deliver Leading NIST OSCAL-Enabled GRC Platform

November 29, 2022 | By Anil Karmel

 TYSONS CORNER, VA. – November 29. 2022 – RegScale, a next-generation Governance Risk and Compliance (GRC) software company, today announced that it has acquired GovReady, an open-source Compliance-as-Code platform. GovReady’s vision around a Compliance-as-Code, questionnaire-driven approach to generate System Security Plans (SSPs) coupled with RegScale’s expert-driven Application Programming Interface (API)-centric approach positions RegScale as the market-leading National Institute for Standards and Technology (NIST) Open Security Control Assessment Language (OSCAL) – enabled, next-generation GRC platform.

“Since inception, RegScale has been dedicated to helping organizations mitigate risk and regain control through our real-time GRC platform,” stated Anil Karmel, Co-founder and Chief Executive Officer (CEO) of RegScale. “This acquisition furthers our commitment to bring compliance into the modern era, enabling organizations to move compliance from a point in time to a continuous, near real-time experience. We are thrilled to have Greg and his team join RegScale. His expertise in both compliance and government will be key in accelerating our mission of simplifying and automating regulatory compliance.”

Developed by NIST, OSCAL is a set of formats expressed in XML, JSON, and YAML that provide machine-readable representations of control catalogues, control baselines, system security plans, and assessment plans and results. As early adopters and advocates, both RegScale and GovReady embraced OSCAL as a standards-based foundation for developing its technology. With today’s news, organizations regardless of size can embrace Compliance-as-Code and realize the benefits of OSCAL.

GovReady CEO Greg Elin will join RegScale’s R&D team as its OSCAL leader and Compliance-as-Code evangelist along with other members of the GovReady team. Elin is a pioneer of the Compliance-as-Code movement and is an active contributor to the OpenControl and the NIST OSCAL communities where he has been a thought leader and hosted multiple workshops. Before founding GovReady, Elin was the first Chief Data Officer (CDO) at the Federal Communication Commission (FCC), where he also briefly served as acting Chief Information Officer (CIO). Before the FCC, he created Sunlight Foundation’s Sunlight Labs as a pioneering technical organization in open government data. He will work alongside RegScale’s Knoxville-based R&D team as its’ Principal OSCAL Engineer.

“In conversations with RegScale, it became increasingly clear that we share a common goal: make compliance easier and available to all organizations,” stated Elin. “After spending many years of my career in government data helping companies remove compliance and Authority to Operate bottlenecks (ATO), I’m excited to join RegScale to continue transforming security compliance into a collaborative, automated practice aligned with modern software development. I look forward to what we can achieve together, bringing Compliance-as-Code to organizations around the world.”

In August 2022, RegScale announced the completion of a $20 million Series A funding round. This funding round was led by SYN Ventures with participation from SineWave Ventures, VIPC’s Virginia Venture Partners, SecureOctane, and several strategic investors. RegScale has also recently announced the appointment of cybersecurity industry veteran and diversity, equity and inclusion thought leader Larry Whiteside, Jr., to Chief Information Security Officer (CISO) and Eric Erston, a GRC veteran with over two decades of sales and leadership experience to Chief Revenue Officer.

Ready to get started?

Choose the path that is right for you! 

Skip the line

My organization doesn’t have GRC tools yet and I am ready to start automating my compliance with continuous monitoring pipelines now. 


My organization already has legacy compliance software, but I want to automate many of the manual processes that feed it.