> Software Procurement by Federal standards is relatively straightforward
> FedRamp and FIPS compliance
It’s odd to see these in the same sentence. FedRAMP is so insanely complex/difficult to achieve in a straightforward way. Even by your own estimate for a Series E startup (with lots of capital and the ability to spend >18 months< on compliance) there’s a $3M variation in cost.
That rules out every startup or SME in software and that’s why you have Palantir, half-baked tech that rarely delivers/is somehow more universally hated in USG than ServiceNow. Yet able to seize the space and hike prices endlessly due to compliance being so difficult to achieve — they realize/accept this as their edge as well and it’s why they so aggressively pursued IL6.
The good news is that this is going away and USG is strongly reconsidering its approach here. CMMC, imo, is a huge step in the right direction.