By Abbey White, Staff Writer, SatNews
Dispatch from SmallSat Symposium. Coverage and analysis from across the conference, tracking the forces shaping the next phase of the SmallSat market.
MOUNTAIN VIEW. The SmallSat Symposium traditionally showcases hardware and orbital mechanics, but this year a different theme emerged. As the commercial space sector deepens ties with the Department of Defense, the focus is shifting from pure innovation to operational maturity.
During the session Orbiting Compliance: Navigating GovCon Risks in the Space Economy, industry experts outlined a new reality. The startup ethos of rapid experimentation is transitioning into a phase of rigorous documentation. Regulatory adherence is no longer a secondary concern; it has become a primary requirement for entering the federal market.
The Cost of Entry
The central challenge is implementation of the Cybersecurity Maturity Model Certification (CMMC) 2.0, which establishes new cybersecurity standards for defense contractors. For early-stage companies, the financial commitment is significant. Panelists estimated that achieving CMMC Level 2 compliance requires an investment between $100,000 and $200,000, presenting a strategic choice for engineering-focused firms.
Tucker Ward, Head of Finance at Starfish Space, shared how his company navigated this hurdle after securing a $52.5 million contract with the Space Force. Rather than applying blanket compliance across the entire organization, Starfish adopted a targeted approach by building a specific digital enclave for Controlled Unclassified Information.
“If we had to do CMMC across the entire company, that would just slow things to a halt,” Ward explained. By isolating the compliant infrastructure, Starfish protects its agility, allowing the majority of technical work to continue unimpeded. “Starfish is unapologetically innovation-first and engineering-first. Whenever we have a new compliance requirement, our first way of approaching that is, how do we make sure this doesn’t get in the way of the engineering?”
Converging Oversight
Beyond cybersecurity, the panel highlighted a structural change in government audits. Alex Mikhelson, a director at Baker Tilly, pointed to the increasing overlap between the Defense Contract Audit Agency (DCAA) and the Defense Contract Management Agency (DCMA). Previously distinct in their focus, financial auditors are now examining government property records to ensure alignment with the internal audit readiness goals of the DoD.
This convergence impacts companies developing dual-use technologies. Startups must meticulously track government-funded hardware to distinguish it from commercial assets, as failure to separate these inventory streams can lead to business system disapprovals or payment withholds. “Surprises are for birthday parties,” Mikhelson advised the room. “Nobody wants surprises.”
Supply Chain Transparency
The pressure for compliance extends down to the supply chain. Prime contractors are contractually obligated to enforce these standards on their subcontractors. Joshua Madrigal, Vice President at Millennium Space Systems, explained that while Millennium operates with a focus on speed, they require clear visibility into supplier operations to manage risk.
“Transparency and honesty need to be there,” Madrigal emphasized. “It’s, ‘Hey, we’re probably not here today, but these are the steps and here’s our roadmap of getting there.'”
This scrutiny includes component origins, as sourcing parts from restricted jurisdictions can jeopardize entire programs. Ward cited an instance where a potential supplier revealed a component originated in China. “It turns out this little component part of it was made in China. And this is for a DoD satellite program, so that’s a problem,” Ward noted. “Having to turn around and tell the DoD that there’s some Chinese components on here is a very bad day.”
Strategic Legal Frameworks
Ryan Kelley from Greenberg Traurig addressed the legal complexities facing the sector, observing that companies often struggle to identify which regulations apply to their specific growth stage. Kelley cautioned against over-compliance, arguing that seed-stage companies do not need to implement the same controls as established defense primes.
“You don’t need to spend twenty grand to classify your five products when you’re a seed-stage company. That would be a waste,” Kelley said. He also highlighted the importance of tax planning, specifically regarding Qualified Small Business Stock. Errors in how founder shares are redeemed can inadvertently disqualify a company from significant tax benefits. Kelley warned, “Redemption should be a four-letter word for a lot of people.”
The Industry Outlook
The distinction between commercial innovation and government requirements is narrowing, and companies are finding that robust back-office systems are becoming as critical as their orbital hardware. Investors and partners are increasingly looking for audit-ready fundamentals. As the sector grows, the ability to navigate this regulatory landscape will likely distinguish long-term players from the rest of the field. Compliance is no longer just a hurdle; it is a necessary component of scaling a space business.