RegScale Acquires GovReady to Deliver NIST OSCAL-enabled GRC Platform

RegScale, a next-generation governance risk and compliance (GRC) software company, has acquired GovReady, an open-source, compliance-as-code platform.

GovReady’s vision around a compliance-as-code, questionnaire-driven approach to generate system security plans (SSPs) coupled with RegScale’s API-centric approach positions RegScale as a leader in NIST OSCAL-enabled, next-generation GRC platform.

“Since inception, RegScale has been dedicated to helping organizations mitigate risk and regain control through our real-time GRC platform,” said Anil Karmel, co-founder and chief executive officer of RegScale. “This acquisition furthers our commitment to bring compliance into the modern era, enabling organizations to move compliance from a point-in-time to a continuous, near real-time experience.”

Developed by NIST, OSCAL is a set of formats expressed in XML, JSON, and YAML that provide machine-readable representations of control catalogs, control baselines, system security plans, and assessment plans and results. As early adopters and advocates, RegScale and GovReady embraced OSCAL as a standards-based foundation for developing its technology.

GovReady CEO Greg Elin will join RegScale’s R&D team as its OSCAL leader and compliance-as-code evangelist along with other members of the GovReady team. Elin is a pioneer of the compliance-as-code movement as an active contributor to the OpenControl community and the NIST OSCAL community and a leader of workshops. Before founding GovReady, Elin was the chief data officer at the Federal Communication Commission, where he briefly served as acting CIO.

In August 2022, RegScale announced the completion of a $20 million Series A funding round, led by SYN Ventures with participation from SineWave Ventures, VIPC’s Virginia Venture Partners, SecureOctane, and several strategic investors.

For more information, visit