Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’d like to hear from others, but my assumption has been that they’re the ones that 1) have staff with the required clearance to work on DoD projects and 2) the required security and compliance certifications in their product. On the latter, it’s not easy to provide a product that is DoD IL5 certified, so that is a differentiator for them.


This is the actual answer

I was in the IC when Palantir was being rolled out and took a bunch of their training courses at their facilities in Georgetown

They have the data storage that complies with DCID and RMF ATO requirements across every IL and compartment

Before Palantir the only thing that we had was Analyst Notebook and you had to have a CD to run it and manage your own data repos locally

Palantir was entirely browser based and you didn’t have to manage data at all so they killed AN almost immediately


since i was not sure whats included in IL5, i asked GPT: >> FedRAMP Moderate baseline (as a foundation)

Additional DoD SRG IL5 controls on top of FedRAMP

Physical and logical separation of IL5 workloads from lower-level workloads

U.S. citizenship and background checks for all cloud personnel with access

Hosting and data storage within U.S. territory

Continuous monitoring and incident response plans that meet DoD requirements

DoD-specific access controls and encryption <<<

Thats quite some strict list which most companies would just not pass...




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: