How Tech Startups Break Into Government Contracting

On 16 April 2024 the U.S. Army released the Small Business Innovation Research topic “Ensuring Sensor Data Security and Integrity” on the Army SBIR program portal, seeking a prototype platform that secures the sensor data layer at the individual record level and supports Department of Defense and Army Data Strategy VAULTIS goals.

The topic accepted Direct to Phase II proposals, with awards of up to $2 million and a performance period of up to 24 months.

Eight days after the topic appeared, Walacor Corporation announced a public sector distribution agreement with Carahsoft; its announcement said Carahsoft would serve as its public sector distributor.

The Army topic page lists Walacor as a selectee, and contract records compiled by HigherGov show that Walacor received an Army SBIR Phase II award linked to the sensor data security topic.

For other technology startups, this sequence offers a practical roadmap: establish contracting eligibility, target a narrow mission problem through SBIR, and make it straightforward for buyers to place orders through established procurement channels.

Establishing a Government-Ready Foundation

Any company that wants to sell directly to federal agencies must register an entity record in SAM.gov to obtain a Unique Entity ID (UEI). For U.S.-based entities pursuing defense work, a Commercial and Government Entity (CAGE) code is assigned as part of the SAM registration process and is used by contracting officers to validate the offeror’s identity and location.

During registration, early-stage vendors select North American Industry Classification System codes that describe the work they perform and Product Service Codes that describe what they sell. For example, NAICS 541715 covers research and development in the physical, engineering and life sciences, and is commonly used for defense-funded applied R&D awards.

A one-page capability statement that summarizes the problem addressed, the solution, relevant differentiators and contact information gives government program staff a concise way to assess whether follow-up is warranted before they request detailed technical material.

For security-focused firms, documenting encryption methods, access controls, logging and data handling practices at this stage makes it easier to show how the product supports data-centric initiatives such as the Army data strategy referenced in the sensor security SBIR topic.

Targeting Mission Problems Through SBIR

The Army maintains an online SBIR portal that lists open and archived topics, including those that accept Direct to Phase II proposals where companies with existing prototypes can skip initial feasibility work and move directly to funded Phase II demonstrations, as described on the Army SBIR portal.

For the sensor data security topic, the Army specified attributes such as a unique encryption key for each submission, integrated and always-on immutable data storage, audit and logging, a tamper-proof chain of custody based on distributed ledger technology, and encryption using Advanced Encryption Standard-256 or better.

These details show how granular a problem definition can be in a defense research solicitation and give startups a checklist for aligning existing products or shaping prototypes to meet specific mission needs.

For a young company, monitoring Army SBIR topics and mapping each one against existing features, near-term roadmap items and potential integration partners can help prioritize which solicitations are realistic to pursue in the next funding cycle.

Walacor’s listing as a selectee on the sensor data security topic illustrates how a specialist data integrity platform can match a narrowly framed requirement that emphasizes record-level encryption, immutability and chain of custody.

Leveraging Procurement Vehicles Through Partnerships

Even after a prototype proves useful, agencies still need a practical way to place production orders, which is why many buyers prefer to use pre-competed contract vehicles such as NASA Solutions for Enterprise-Wide Procurement (SEWP) V and Army Information Technology Enterprise Solutions - Software 2 (ITES-SW2) for software and related services, as listed on Carahsoft.

These vehicles allow contracting officers to issue task or delivery orders under existing terms instead of running a separate full and open competition for each procurement, which can reduce administrative time for both the government and the vendor.

Resellers and distributors aggregate many technology suppliers under the same vehicles and often help with proposal paperwork, catalog updates and compliance workflows, trading a share of revenue for reach into agencies that already buy through those channels.

For startups without the scale or experience to capture and manage large federal contracts directly, teaming with a public sector distributor can be an efficient first step that makes the product visible in familiar purchasing systems before the company pursues prime contract positions.

Walacor Case Study in Practice

Public federal registration data summarized by HigherGov indicate that Walacor Corporation was founded in 2018 and registered in SAM.gov in March 2023 under classifications consistent with software, cloud infrastructure and applied R&D work.

According to contract data on HigherGov, Walacor received an Army SBIR Phase II award valued at up to $1,999,237, with a period of performance running from 24 March 2025 through 23 September 2026.

The Army SBIR topic page lists Walacor Corporation alongside Beskar Inc. as selectees for the sensor data security topic, which emphasizes unique encryption keys per submission, integrated immutable storage with audit logging, and a tamper-proof chain of custody based on distributed ledger technology, as described by the Army SBIR program.

Walacor’s April 2024 announcement states that its platform uses record-level encryption, emphasizes auditability and immutability, and supports S3 integrations, and that Carahsoft would act as its Public Sector distributor with availability through NASPO ValuePoint and OMNIA Partners, according to Walacor.

A separate contracts page on Carahsoft lists Walacor as orderable through widely used procurement vehicles including NASA SEWP V, Army ITES-SW2, NASPO ValuePoint, OMNIA Partners cooperative contracts, and The Quilt for education buyers. Specific vehicle identifiers and ordering details are maintained on that page and can change over time.

Taken together, the SBIR topic selection, the Phase II award and the presence on widely used procurement vehicles give Walacor a combination of technical validation and acquisition access that many early-stage firms seek when entering the defense market.

Building Past Performance and Scaling

SBIR Phase II contracts, including the award issued to Walacor, are formally research and development awards, but the fixed-price structure and defined deliverables can give startups a referenceable record of performance under federal acquisition rules.

After successful delivery, companies can cite SBIR technical reports, test data and user feedback in later proposals to show that their technology has been exercised against operational requirements rather than only in commercial pilots.

When the same product is available through contract vehicles such as NASA SEWP V or Army ITES-SW2, program offices that sponsor SBIR prototypes can work with contracting officers to shift from research funding to production purchases by placing orders under those vehicles instead of creating new standalone contracts.

Each task order or license call adds to the vendor’s past performance record in government databases, which can improve evaluations on future competitions that ask for experience delivering similar technologies to defense or civilian customers.

For founders, a practical objective is to combine enough small SBIR, catalog and subcontract wins to demonstrate consistent delivery inside government constraints before pursuing larger prime roles.

Strategic Risks and Mitigations

Cloud-based startups that plan to handle federal data need to account early for the Federal Risk and Authorization Management Program, because guidance summarized by FedRAMP states that agencies must obtain and maintain a FedRAMP authorization for cloud services that are within the program’s scope.

FedRAMP’s scope depends on how an agency uses a cloud service and what information and controls are in play, so some tools may fall outside the formal mandate even if they are internet-accessible.

Where FedRAMP does apply, vendors need to budget time and resources for security assessments, documentation and ongoing monitoring and align their product architecture with the impact level and deployment model that target customers expect.

Data rights are another planning issue, since Small Business Innovation Research policy on SBIR.gov states that SBIR and STTR data are protected from disclosure by participating agencies for a period of not less than 20 years from the date of award.

Startups using SBIR to validate new capabilities should understand how this protection period interacts with their broader intellectual property strategy and ensure that deliverables are correctly marked so that rights are preserved for follow-on commercialization.

Distributor or reseller agreements can pose their own risks if they do not clearly define how customer relationships, pricing and discount structures work across different vehicles, so founders should ensure that contract language matches their long-term sales and support plans.

Walacor’s path into the Army SBIR program and onto multiple contract vehicles does not remove the complexity of federal sales, but it shows that aligning one well-defined mission problem with a compatible acquisition route can make that complexity more manageable for small technology companies.

Sources

• U.S. Army SBIR|STTR Program. "Ensuring Sensor Data Security and Integrity." U.S. Army, 2024.
• Carahsoft Technology Corp. "Walacor Government Procurement Contracts." Carahsoft, 2025.
• Walacor Corporation. "Walacor and Carahsoft Partner to Bring Next-Gen Tech for Securing Data at Rest to the Public Sector." Walacor, 2024.
• HigherGov. "Contract W5170125CA109 Walacor Corporation." HigherGov, 2025.
• HigherGov. "Walacor Corporation (MGZBPXEZLGM3)." HigherGov, 2025.
• U.S. General Services Administration. "SAM.gov." GSA, 2025.
• Acquisition.gov. "FAR 52.204-16 Commercial and Government Entity Code Reporting." FAR, 2020.
• U.S. Small Business Administration. "Data Rights." SBIR.gov, 2019.
• FedRAMP Program Management Office. "Scope of FedRAMP Guidelines and Examples." FedRAMP, 2025.