DEV Community

Alex Kane

n8n for GovTech and CivicTech SaaS Vendors: 5 Automations for FedRAMP, CJIS, IRS Pub 1075, and StateRAMP Compliance (Free Workflow JSON)

If you're building SaaS for government -- federal agencies, state/local governments, public safety, tax authorities, civic tech platforms -- you already know the compliance overhead is unlike any other vertical.

What most GovTech SaaS founders underestimate is where their automation infrastructure intersects with their customers' compliance obligations.

The problem: your customers operate under FedRAMP ATOs, CJIS Security Policy agreements, IRS Publication 1075 safeguard requirements, and StateRAMP authorizations. Each framework has something in common -- they define an authorization boundary, and any system processing in-scope data must be inside that boundary or explicitly authorized.

A commercial cloud automation platform like Zapier is not inside your customer's FedRAMP boundary. It is not covered by their CJIS Management Control Agreement. It is not on their IRS TCC security review. When your customer's auditor finds an undocumented automation system processing federal data, that is not a risk item -- it is an active finding.

Self-hosted n8n solves this architecturally: deployed inside your customer's authorization boundary (or your own FedRAMP-authorized boundary), it processes no data outside the defined scope. No additional MCA. No TCC exposure. No ConMon finding.

Here are 5 production-grade n8n workflows every GovTech SaaS vendor needs.


The Three Hardest Compliance Boundary Problems in GovTech

1. FedRAMP ATO boundary expansion (44 USC 3554 / NIST 800-53 CA-3)

Your customer's ATO was granted for a specific information system boundary. Every external service processing federal information must be within that boundary or have its own FedRAMP authorization. A cloud automation platform routing agency data is an undocumented external connection -- a CAT 3 finding in Continuous Monitoring.

2. CJIS Security Policy 5.3.4.1 -- cloud computing

Any cloud service processing Criminal Justice Information (warrants, arrest records, fingerprints, 911 call data) must be covered by a CJIS Management Control Agreement (MCA). Commercial cloud automation vendors do not have FBI MCAs. The moment your public safety SaaS routes CJI through an external automation tool, you have created a section 5.9.3 security incident by definition.

3. IRS Publication 1075 section 4.1 -- Federal Tax Information boundary

FTI must remain within agency boundary and covered systems. Any processor of FTI is in scope for the IRS TCC (Third-Party Connection) security review. Cloud automation platforms touching FTI data without being on the agency's TCC submission create a section 10.2 reportable incident.


5 n8n Workflows for GovTech SaaS Vendors

1. Tier-Segmented Government Client Onboarding Drip

Government clients do not onboard like commercial SaaS customers. Their compliance obligations vary dramatically: a federal agency under FedRAMP High needs FISMA incident response configured from day one; a public safety customer needs CJIS architecture review within 48 hours; an IRS FTI customer needs TCC security documentation before first use.

This workflow classifies incoming clients into 6 tiers and triggers compliance-specific onboarding tracks:

  • ENTERPRISE_FEDERAL_SAAS: FedRAMP High ATO -- ConMon, NIST 800-53 inheritance map, ISSO introduction
  • PUBLIC_SAFETY_SAAS: CJIS-covered -- FBI MCA documentation, CJIS architecture review within 48h
  • TAX_REVENUE_SAAS: IRS Pub 1075 FTI -- TCC security review, 24h breach pipeline setup
  • STATE_LOCAL_GOVERNMENT_SAAS: StateRAMP authorized -- state CJIS policy, NIST 800-53 Moderate baseline
  • CIVIC_ENGAGEMENT_SAAS: Section 508/ADA -- accessibility testing guide, UOCAVA/FVAP compliance notes
  • FEDRAMP_MODERATE_SAAS: FedRAMP Moderate -- ConMon monthly, POA&M tracking from day one
{
  "name": "GovTech Tier-Segmented Onboarding Drip",
  "nodes": [
    {
      "id": "1",
      "name": "Google Sheets Trigger",
      "type": "n8n-nodes-base.googleSheetsTrigger",
      "parameters": {
        "operation": "getRows",
        "sheetId": "NEW_GOVTECH_CLIENTS_SHEET"
      }
    },
    {
      "id": "2",
      "name": "Classify Agency Tier",
      "type": "n8n-nodes-base.code",
      "parameters": {
        "jsCode": "const row = $json;\nconst ato = (row.fedramp_ato || '').toUpperCase();\nconst cjis = (row.cjis_required || '').toUpperCase() === 'TRUE';\nconst fti = (row.irs_fti_scope || '').toUpperCase() === 'TRUE';\nconst mrr = parseFloat(row.mrr_usd || 0);\nlet tier = 'GOVTECH_STARTUP', track = 'STARTUP_TRACK', flags = [];\nif (ato === 'HIGH' || mrr >= 250000) {\n  tier = 'ENTERPRISE_FEDERAL_SAAS'; track = 'FEDRAMP_HIGH_TRACK';\n  flags = ['FEDRAMP_HIGH_ATO','FISMA_HIGH','NIST_800_53_FULL','CONMON_MONTHLY'];\n} else if (ato === 'MODERATE' || mrr >= 50000) {\n  tier = 'FEDRAMP_MODERATE_SAAS'; track = 'FEDRAMP_MOD_TRACK';\n  flags = ['FEDRAMP_MODERATE_ATO','FISMA_MODERATE','CONMON_MONTHLY'];\n} else if (cjis) {\n  tier = 'PUBLIC_SAFETY_SAAS'; track = 'CJIS_TRACK';\n  flags = ['CJIS_SECURITY_POLICY_V5_9','FBI_MCA_REQUIRED','CJIS_AUDIT_3YR'];\n} else if (fti) {\n  tier = 'TAX_REVENUE_SAAS'; track = 'IRS_1075_TRACK';\n  flags = ['IRS_PUB_1075_FTI','IRS_TCC_SECURITY_REVIEW','FTI_AUDIT_ANNUAL'];\n} else if ((row.stateramp_status || '').toUpperCase() === 'AUTHORIZED') {\n  tier = 'STATE_LOCAL_GOVERNMENT_SAAS'; track = 'STATERAMP_TRACK';\n  flags = ['STATERAMP_AUTHORIZED','NIST_800_53_MOD_BASELINE'];\n} else {\n  tier = 'CIVIC_ENGAGEMENT_SAAS'; track = 'CIVIC_TRACK';\n  flags = ['SECTION_508_REHAB_ACT','ADA_TITLE_II'];\n}\nreturn [{ ...row, tier, track, complianceFlags: flags.join(','), cjis_scope: cjis, fti_scope: fti }];"
      }
    },
    {
      "id": "3",
      "name": "Route by Track",
      "type": "n8n-nodes-base.switch",
      "parameters": {
        "rules": {
          "values": [
            {
              "value1": "={{ $json.track }}",
              "operation": "equal",
              "value2": "FEDRAMP_HIGH_TRACK",
              "output": 0
            },
            {
              "value1": "={{ $json.track }}",
              "operation": "equal",
              "value2": "CJIS_TRACK",
              "output": 1
            },
            {
              "value1": "={{ $json.track }}",
              "operation": "equal",
              "value2": "IRS_1075_TRACK",
              "output": 2
            },
            {
              "value1": "={{ $json.track }}",
              "operation": "equal",
              "value2": "STATERAMP_TRACK",
              "output": 3
            }
          ]
        }
      }
    },
    {
      "id": "4",
      "name": "Day 0 Email - FedRAMP High",
      "type": "n8n-nodes-base.gmail",
      "parameters": {
        "to": "={{ $json.contact_email }}",
        "subject": "Welcome - FedRAMP High ATO Onboarding Checklist",
        "message": "Your platform operates within a FedRAMP High ATO. Key items: (1) automation deployed inside your ATO boundary; (2) ConMon monthly POA&M logging from day one; (3) NIST 800-53 Rev 5 control inheritance map available on request."
      }
    },
    {
      "id": "5",
      "name": "Day 0 Email - CJIS Track",
      "type": "n8n-nodes-base.gmail",
      "parameters": {
        "to": "={{ $json.contact_email }}",
        "subject": "Welcome - CJIS Security Policy Configuration Guide Enclosed",
        "message": "Your platform handles Criminal Justice Information. Setup items: (1) automation runs inside your CJIS policy area; (2) FBI Management Control Agreement must cover all data processors; (3) CJIS audit log retention 1 year minimum. CSM will schedule CJIS architecture review within 48h."
      }
    },
    {
      "id": "6",
      "name": "Day 0 Email - IRS 1075 Track",
      "type": "n8n-nodes-base.gmail",
      "parameters": {
        "to": "={{ $json.contact_email }}",
        "subject": "Welcome - IRS Publication 1075 FTI Configuration Required",
        "message": "Your platform handles Federal Tax Information. IRS Pub 1075 section 4.1 requires FTI to remain within agency boundary. Checklist: (1) automation on TCC-covered infrastructure; (2) IRS TCC security review includes automation platform; (3) 24h breach notification pipeline configured."
      }
    },
    {
      "id": "7",
      "name": "Slack CSM Alert",
      "type": "n8n-nodes-base.slack",
      "parameters": {
        "channel": "#govtech-onboarding",
        "text": "={{ 'New GovTech client: ' + $json.company_name + ' | Tier: ' + $json.tier + ' | Track: ' + $json.track + ' | CJIS: ' + $json.cjis_scope + ' | FTI: ' + $json.fti_scope + ' | Flags: ' + $json.complianceFlags }}"
      }
    },
    {
      "id": "8",
      "name": "Log to Audit Sheet",
      "type": "n8n-nodes-base.googleSheets",
      "parameters": {
        "operation": "append",
        "sheetId": "GOVTECH_ONBOARDING_AUDIT_LOG",
        "columns": {
          "mappingMode": "defineBelow",
          "value": {
            "timestamp": "={{ $now.toISO() }}",
            "company": "={{ $json.company_name }}",
            "tier": "={{ $json.tier }}",
            "compliance_flags": "={{ $json.complianceFlags }}",
            "track": "={{ $json.track }}",
            "source": "n8n_onboarding_drip",
            "fisma_note": "FISMA_3554_AUDIT_RECORD"
          }
        }
      }
    }
  ]
}
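
The Classify Agency Tier node above is a first-match chain that also keys on `mrr_usd`, so a row with `cjis_required` = TRUE and an MRR of 50000 or more is assigned FEDRAMP_MOD_TRACK and never gets the CJIS track. The following added example (not part of the original workflow pack) sets it beside a scope-driven variant; `firstMatchTrack`, `classifyClient`, `accountSize`, `needsReview` and the sample rows are assumptions made for illustration.

```javascript
// Added example, not from the original workflow pack.
// Input field names are the ones the "Classify Agency Tier" node reads;
// function names, accountSize and needsReview are hypothetical.

const isTrue = (v) => String(v ?? '').trim().toUpperCase() === 'TRUE';
const upper = (v) => String(v ?? '').trim().toUpperCase();

// The page's first-match chain, reduced to the track it selects.
function firstMatchTrack(row) {
  const ato = upper(row.fedramp_ato);
  const mrr = parseFloat(row.mrr_usd || 0);
  if (ato === 'HIGH' || mrr >= 250000) return 'FEDRAMP_HIGH_TRACK';
  if (ato === 'MODERATE' || mrr >= 50000) return 'FEDRAMP_MOD_TRACK';
  if (isTrue(row.cjis_required)) return 'CJIS_TRACK';
  if (isTrue(row.irs_fti_scope)) return 'IRS_1075_TRACK';
  if (upper(row.stateramp_status) === 'AUTHORIZED') return 'STATERAMP_TRACK';
  return 'CIVIC_TRACK';
}

// Scope-driven variant: every declared obligation yields its own track,
// and revenue only sizes the account.
function classifyClient(row) {
  const ato = upper(row.fedramp_ato);
  const tracks = [];
  const flags = [];
  if (ato === 'HIGH') {
    tracks.push('FEDRAMP_HIGH_TRACK');
    flags.push('FEDRAMP_HIGH_ATO', 'FISMA_HIGH', 'NIST_800_53_FULL', 'CONMON_MONTHLY');
  } else if (ato === 'MODERATE') {
    tracks.push('FEDRAMP_MOD_TRACK');
    flags.push('FEDRAMP_MODERATE_ATO', 'FISMA_MODERATE', 'CONMON_MONTHLY');
  }
  if (isTrue(row.cjis_required)) {
    tracks.push('CJIS_TRACK');
    flags.push('CJIS_SECURITY_POLICY_V5_9', 'FBI_MCA_REQUIRED', 'CJIS_AUDIT_3YR');
  }
  if (isTrue(row.irs_fti_scope)) {
    tracks.push('IRS_1075_TRACK');
    flags.push('IRS_PUB_1075_FTI', 'IRS_TCC_SECURITY_REVIEW', 'FTI_AUDIT_ANNUAL');
  }
  if (upper(row.stateramp_status) === 'AUTHORIZED') {
    tracks.push('STATERAMP_TRACK');
    flags.push('STATERAMP_AUTHORIZED', 'NIST_800_53_MOD_BASELINE');
  }
  if (tracks.length === 0) {
    tracks.push('CIVIC_TRACK');
    flags.push('SECTION_508_REHAB_ACT', 'ADA_TITLE_II');
  }
  const mrr = Number.parseFloat(row.mrr_usd);
  const accountSize = mrr >= 250000 ? 'LARGE' : mrr >= 50000 ? 'MID' : 'STANDARD';
  // An ATO value that is neither empty nor recognised goes to a person.
  const needsReview = ato !== '' && ato !== 'HIGH' && ato !== 'MODERATE';
  return { tracks, complianceFlags: [...new Set(flags)], accountSize, needsReview };
}

// Constructed sample rows.
const SAMPLE_ROWS = [
  { company_name: 'County Sheriff RMS', cjis_required: 'TRUE', mrr_usd: '60000' },
  { company_name: 'State Revenue Portal', fedramp_ato: 'moderate', irs_fti_scope: 'true', mrr_usd: '12000' },
  { company_name: 'Large Civic App', mrr_usd: '300000' },
];

function compare(rows = SAMPLE_ROWS) {
  return rows.map((r) => ({
    company: r.company_name,
    firstMatch: firstMatchTrack(r),
    scopeDriven: classifyClient(r).tracks,
  }));
}

console.log(JSON.stringify(compare(), null, 2));
```

Because one client can now carry several tracks, emit one item per track before the Switch node so each onboarding branch receives it.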

2. FedRAMP / CJIS / IRS-1075 / StateRAMP Compliance Deadline Tracker

Government compliance deadlines are not soft targets. A lapsed FedRAMP ATO means your federal agency customers cannot legally use the system. A missed CJIS triennial audit means CJI access revocation. A failed IRS TCC review means FTI access suspension.

This workflow monitors 12 compliance event types, scores urgency (OVERDUE / CRITICAL / URGENT / WARNING), and routes alerts before deadlines pass:

| Event | Framework | Fastest Clock | Penalty |
|---|---|---|---|
| FEDRAMP_ATO_EXPIRATION | FedRAMP Rev 5 section 4.2 | 1 year | System shutdown |
| CJIS_TRIENNIAL_AUDIT | CJIS SPv5.9 section 3 | 3 years | CJI access revocation |
| IRS_1075_TCC_REVIEW_ANNUAL | IRS Pub 1075 section 4.1 | 1 year | TCC suspension |
| CISA_KEV_PATCH_DEADLINE | BOD 22-01 | 14 days | Agency noncompliance |
| FBI_MCA_REVIEW_ANNUAL | CJIS SPv5.9 section 3.1.2 | 1 year | Undocumented processor = violation |
| SECTION_508_ANNUAL_AUDIT | 29 USC section 794d | 1 year | DOJ investigation |

{
  "name": "FedRAMP CJIS IRS-1075 StateRAMP Compliance Deadline Tracker",
  "nodes": [
    {
      "id": "1",
      "name": "Weekdays 7AM",
      "type": "n8n-nodes-base.scheduleTrigger",
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "cronExpression",
              "expression": "0 7 * * 1-5"
            }
          ]
        }
      }
    },
    {
      "id": "2",
      "name": "Load Compliance Calendar",
      "type": "n8n-nodes-base.googleSheets",
      "parameters": {
        "operation": "getAll",
        "sheetId": "GOVTECH_COMPLIANCE_CALENDAR"
      }
    },
    {
      "id": "3",
      "name": "Score Urgency",
      "type": "n8n-nodes-base.code",
      "parameters": {
        "jsCode": "const now = new Date();\nconst actionMap = {\n  FEDRAMP_ATO_EXPIRATION: { owner: 'ISSO', framework: 'FedRAMP Rev5 \u00a74.2', penalty: 'ATO lapse = system shutdown' },\n  FEDRAMP_CONMON_MONTHLY: { owner: 'ISSO', framework: 'FedRAMP ConMon \u00a74.3', penalty: 'ConMon finding = ATO at risk' },\n  FEDRAMP_POAM_UPDATE: { owner: 'ISSO', framework: 'FedRAMP \u00a7CA-5', penalty: 'Open POA&M = HQ finding' },\n  CJIS_TRIENNIAL_AUDIT: { owner: 'CJIS_ADMIN', framework: 'CJIS SPv5.9 \u00a73', penalty: 'CJI access revocation' },\n  CJIS_SECURITY_AWARENESS_ANNUAL: { owner: 'HR', framework: 'CJIS SPv5.9 \u00a75.2', penalty: 'Noncompliant user = suspended CJI access' },\n  FBI_MCA_REVIEW_ANNUAL: { owner: 'LEGAL', framework: 'CJIS SPv5.9 \u00a73.1.2', penalty: 'Undocumented processor = CJIS violation' },\n  IRS_1075_TCC_REVIEW_ANNUAL: { owner: 'COMPLIANCE', framework: 'IRS Pub 1075 \u00a74.1', penalty: 'TCC suspension = no FTI access' },\n  IRS_1075_FTI_SAFEGUARDS_REVIEW: { owner: 'CISO', framework: 'IRS Pub 1075 \u00a79', penalty: 'IRS SSR finding = corrective action plan' },\n  STATERAMP_ANNUAL_ASSESSMENT: { owner: 'COMPLIANCE', framework: 'StateRAMP \u00a75', penalty: 'Authorization removal = state contracts at risk' },\n  CISA_KEV_PATCH_DEADLINE: { owner: 'ENGINEERING', framework: 'BOD 22-01', penalty: 'Agency BOD 22-01 noncompliance' },\n  SECTION_508_ANNUAL_AUDIT: { owner: 'PRODUCT', framework: '29 USC \u00a7794d', penalty: 'Section 508 complaint = DOJ investigation' },\n  SOC2_TYPE2_RENEWAL: { owner: 'COMPLIANCE', framework: 'SOC2 AICPA', penalty: 'Expired SOC2 = agency contract risk' }\n};\nconst results = [];\nfor (const row of $input.all()) {\n  const d = row.json;\n  const daysUntil = Math.ceil((new Date(d.due_date) - now) / 86400000);\n  const action = actionMap[d.compliance_type] || { owner: 'COMPLIANCE', framework: 'Internal', penalty: 'Gap' };\n  let urgency = 'NOTICE';\n  if (daysUntil < 0) urgency = 'OVERDUE';\n  else if (daysUntil <= 3) urgency = 'CRITICAL';\n  else if (daysUntil <= 7) urgency = 'URGENT';\n  else if (daysUntil <= 14) urgency = 'WARNING';\n  results.push({ ...d, daysUntil, urgency, ...action });\n}\nreturn results.filter(r => ['OVERDUE','CRITICAL','URGENT','WARNING'].includes(r.urgency));"
      }
    },
    {
      "id": "4",
      "name": "Route by Urgency",
      "type": "n8n-nodes-base.switch",
      "parameters": {
        "rules": {
          "values": [
            {
              "value1": "={{ $json.urgency }}",
              "operation": "equal",
              "value2": "OVERDUE",
              "output": 0
            },
            {
              "value1": "={{ $json.urgency }}",
              "operation": "equal",
              "value2": "CRITICAL",
              "output": 1
            },
            {
              "value1": "={{ $json.urgency }}",
              "operation": "equal",
              "value2": "URGENT",
              "output": 2
            }
          ]
        }
      }
    },
    {
      "id": "5",
      "name": "Slack OVERDUE @here",
      "type": "n8n-nodes-base.slack",
      "parameters": {
        "channel": "#govtech-compliance-ops",
        "text": "={{ 'OVERDUE: ' + $json.compliance_type + ' | ' + $json.framework + ' | ' + Math.abs($json.daysUntil) + ' days overdue | Penalty: ' + $json.penalty + ' | Owner: ' + $json.owner + ' | Customer: ' + $json.customer_name }}"
      }
    },
    {
      "id": "6",
      "name": "Gmail Owner OVERDUE",
      "type": "n8n-nodes-base.gmail",
      "parameters": {
        "to": "={{ $json.owner_email }}",
        "subject": "={{ 'OVERDUE: ' + $json.compliance_type + ' - ' + $json.customer_name }}",
        "message": "={{ 'Compliance deadline passed ' + Math.abs($json.daysUntil) + ' days ago. Framework: ' + $json.framework + '. Penalty risk: ' + $json.penalty }}"
      }
    },
    {
      "id": "7",
      "name": "Log to Sheets",
      "type": "n8n-nodes-base.googleSheets",
      "parameters": {
        "operation": "append",
        "sheetId": "GOVTECH_COMPLIANCE_TRACKER",
        "columns": {
          "mappingMode": "defineBelow",
          "value": {
            "timestamp": "={{ $now.toISO() }}",
            "customer": "={{ $json.customer_name }}",
            "type": "={{ $json.compliance_type }}",
            "urgency": "={{ $json.urgency }}",
            "days_until": "={{ $json.daysUntil }}",
            "framework": "={{ $json.framework }}",
            "owner": "={{ $json.owner }}"
          }
        }
      }
    }
  ]
}
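
In the Score Urgency node above, a `due_date` that does not parse (an empty cell, "TBD") produces `NaN` for `daysUntil`, every comparison is false, the row stays NOTICE, and the final filter drops it without any alert. The following added example (not part of the original workflow pack) keeps the page's thresholds and surfaces those rows instead; `INVALID_DATE`, the function names and the sample calendar are assumptions.

```javascript
// Added example, not from the original workflow pack. Thresholds match the
// page's "Score Urgency" node; INVALID_DATE and all function names are
// hypothetical additions.
const DAY_MS = 86400000;

// The page's threshold ladder. NaN fails every comparison and stays NOTICE.
function bucket(daysUntil) {
  if (daysUntil < 0) return 'OVERDUE';
  if (daysUntil <= 3) return 'CRITICAL';
  if (daysUntil <= 7) return 'URGENT';
  if (daysUntil <= 14) return 'WARNING';
  return 'NOTICE';
}

// What the original node does with a row: true if it survives the filter.
function originalKeeps(row, now) {
  const daysUntil = Math.ceil((new Date(row.due_date) - now) / DAY_MS);
  return bucket(daysUntil) !== 'NOTICE';
}

// Hardened scoring: a missing or unparseable date is its own alert class.
function scoreDeadline(row, now = new Date()) {
  const raw = row.due_date;
  const empty = raw === null || raw === undefined || String(raw).trim() === '';
  const due = empty ? new Date(NaN) : new Date(raw);
  if (Number.isNaN(due.getTime())) {
    return { ...row, daysUntil: null, urgency: 'INVALID_DATE' };
  }
  const daysUntil = Math.ceil((due - now) / DAY_MS);
  return { ...row, daysUntil, urgency: bucket(daysUntil) };
}

const RANK = ['OVERDUE', 'INVALID_DATE', 'CRITICAL', 'URGENT', 'WARNING'];

// Everything that needs attention, most pressing first.
function selectAlerts(rows, now = new Date()) {
  return rows
    .map((r) => scoreDeadline(r, now))
    .filter((r) => RANK.includes(r.urgency))
    .sort((a, b) => RANK.indexOf(a.urgency) - RANK.indexOf(b.urgency));
}

// Constructed sample calendar and a fixed clock so results are repeatable.
const SAMPLE_NOW = new Date('2025-03-10T07:00:00Z');
const SAMPLE_DEADLINES = [
  { customer_name: 'Agency A', compliance_type: 'FEDRAMP_ATO_EXPIRATION', due_date: '2025-03-12' },
  { customer_name: 'PD B', compliance_type: 'CJIS_TRIENNIAL_AUDIT', due_date: '2025-03-09' },
  { customer_name: 'Revenue C', compliance_type: 'IRS_1075_TCC_REVIEW_ANNUAL', due_date: 'TBD' },
  { customer_name: 'City D', compliance_type: 'SECTION_508_ANNUAL_AUDIT', due_date: '2025-06-01' },
  { customer_name: 'State E', compliance_type: 'STATERAMP_ANNUAL_ASSESSMENT', due_date: '' },
  { customer_name: 'Agency F', compliance_type: 'CISA_KEV_PATCH_DEADLINE', due_date: '2025-03-20' },
];

for (const a of selectAlerts(SAMPLE_DEADLINES, SAMPLE_NOW)) {
  console.log(a.urgency.padEnd(13), a.customer_name, a.compliance_type, a.daysUntil);
}
```

Route INVALID_DATE, and WARNING (which the Route by Urgency node above has no rule for), to an output that reaches a person.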

3. GovTech Platform API Health Monitor (15-Minute Cadence)

Government platform downtime carries regulatory consequence beyond SLA penalties. If a CJIS-covered endpoint goes down, law enforcement agencies lose CJI access -- a public safety issue. If an FTI API goes down, tax processing halts with IRS reporting implications.

This monitor checks critical endpoint categories every 15 minutes with CJIS/FTI scope flags and 30-minute alert suppression:

  • fedramp_boundary_api -- FISMA section 3554 system availability SLA
  • cjis_cji_access_api -- CRITICAL: CJIS SPv5.9 section 5.9 availability
  • irs_fti_processing_api -- CRITICAL: IRS Pub 1075 section 4.1 FTI boundary
  • stateramp_data_api -- StateRAMP section 5 availability requirement
  • civic_portal_api -- Section 508/ADA accessibility continuity
{
  "name": "GovTech Platform API Health Monitor 15-Minute",
  "nodes": [
    {
      "id": "1",
      "name": "Every 15 Minutes",
      "type": "n8n-nodes-base.scheduleTrigger",
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "cronExpression",
              "expression": "*/15 * * * *"
            }
          ]
        }
      }
    },
    {
      "id": "2",
      "name": "Load Endpoints",
      "type": "n8n-nodes-base.postgres",
      "parameters": {
        "operation": "select",
        "query": "SELECT endpoint_name, url, compliance_scope, customer_tier, cjis_scope, fti_scope FROM govtech_platform_endpoints WHERE monitoring_active = true"
      }
    },
    {
      "id": "3",
      "name": "Ping Each Endpoint",
      "type": "n8n-nodes-base.httpRequest",
      "parameters": {
        "url": "={{ $json.url }}",
        "method": "GET",
        "timeout": 8000,
        "response": {
          "response": {
            "neverError": true
          }
        }
      }
    },
    {
      "id": "4",
      "name": "Classify and Suppress",
      "type": "n8n-nodes-base.code",
      "parameters": {
        "jsCode": "// The static data object is mutated in place; n8n saves it after a successful production execution.\nconst prev = $getWorkflowStaticData('global');\nconst now = new Date().toISOString();\nconst results = [];\nfor (const item of $input.all()) {\n  const d = item.json;\n  const status = d.statusCode;\n  let health = 'HEALTHY';\n  if (!status || status >= 500) health = 'DOWN';\n  else if (status >= 400) health = 'DEGRADED';\n  const key = d.endpoint_name;\n  const suppressKey = 'suppress_' + key;\n  const lastAlert = prev[suppressKey] ? new Date(prev[suppressKey]) : null;\n  const shouldAlert = (health !== 'HEALTHY') && (!lastAlert || (new Date() - lastAlert) > 30 * 60000);\n  if (shouldAlert) { prev[suppressKey] = now; results.push({ ...d, health, alert: true }); }\n  prev[key] = health;\n}\nreturn results.length > 0 ? results : [{ skip: true }];"
      }
    },
    {
      "id": "5",
      "name": "Skip if Healthy",
      "type": "n8n-nodes-base.if",
      "parameters": {
        "conditions": {
          "boolean": [
            {
              "value1": "={{ $json.skip }}",
              "value2": true
            }
          ]
        }
      }
    },
    {
      "id": "6",
      "name": "Slack Alert",
      "type": "n8n-nodes-base.slack",
      "parameters": {
        "channel": "#govtech-platform-ops",
        "text": "={{ ($json.cjis_scope ? 'CJIS-SCOPE ' : ($json.fti_scope ? 'FTI-SCOPE ' : '')) + $json.health + ': ' + $json.endpoint_name + ' | HTTP ' + $json.statusCode + ' | Scope: ' + $json.compliance_scope }}"
      }
    },
    {
      "id": "7",
      "name": "Log Incident",
      "type": "n8n-nodes-base.postgres",
      "parameters": {
        "operation": "insert",
        "table": "govtech_platform_incidents",
        "columns": "endpoint_name,health_status,http_status,compliance_scope,detected_at",
        "values": "={{ [$json.endpoint_name, $json.health, $json.statusCode, $json.compliance_scope, $now.toISO()] }}",
        "conflictAction": "ignore"
      }
    }
  ]
}

4. GovTech Security Incident and Breach Alert Pipeline

Government security incidents trigger multi-agency notification obligations. A FedRAMP security incident requires US-CERT notification within 1 hour under IR-6. A CJIS CJI unauthorized access triggers FBI NCICC notification per section 5.9.3. An IRS FTI unauthorized disclosure requires notification under IRC section 7213A within 24 hours.

This webhook-driven pipeline handles 8 GovTech incident types:

| Incident | SLA | Framework | Fastest Clock |
|---|---|---|---|
| FEDRAMP_SECURITY_INCIDENT | IMMEDIATE | FedRAMP IR-6 + US-CERT | 1 hour (US-CERT) |
| CJIS_CJI_UNAUTHORIZED_ACCESS | IMMEDIATE | CJIS SPv5.9 section 5.9.3 | Immediate (FBI NCICC) |
| IRS_FTI_UNAUTHORIZED_DISCLOSURE | 24H | IRS Pub 1075 section 10.2 | 24 hours (IRS TIGTA) |
| CISA_KEV_EXPLOIT_DETECTED | 14D PATCH | BOD 22-01 | 14 days |
| STATERAMP_DATA_BREACH | 72H | StateRAMP section 7 | 72 hours |
| DATA_BREACH_CITIZEN_PII | 72H | GDPR Art.33 + state law | 72 hours |

{
  "name": "GovTech Security Incident and Breach Alert Pipeline",
  "nodes": [
    {
      "id": "1",
      "name": "Webhook",
      "type": "n8n-nodes-base.webhook",
      "parameters": {
        "path": "govtech-incident",
        "method": "POST"
      }
    },
    {
      "id": "2",
      "name": "Classify Incident",
      "type": "n8n-nodes-base.code",
      "parameters": {
        "jsCode": "const typeMap = {\n  FEDRAMP_SECURITY_INCIDENT: { sla: 'IMMEDIATE 1H US-CERT', framework: 'FedRAMP IR-6', channel: '#fedramp-incident', severity: 'CRITICAL', notify: 'ISSO,JAB,AO' },\n  CJIS_CJI_UNAUTHORIZED_ACCESS: { sla: 'IMMEDIATE FBI NCICC', framework: 'CJIS SPv5.9 \u00a75.9.3', channel: '#cjis-incident', severity: 'CRITICAL', notify: 'CJIS_ADMIN,FBI_NCICC,STATE_CSA' },\n  IRS_FTI_UNAUTHORIZED_DISCLOSURE: { sla: '24H IRS TIGTA', framework: 'IRS Pub 1075 \u00a710.2 + IRC \u00a77213A', channel: '#irs-incident', severity: 'CRITICAL', notify: 'COMPLIANCE,IRS_TIGTA,AGENCY_CONTACT' },\n  CISA_KEV_EXPLOIT_DETECTED: { sla: '14D PATCH', framework: 'BOD 22-01', channel: '#security-ops', severity: 'CRITICAL', notify: 'CISO,ENGINEERING' },\n  STATERAMP_DATA_BREACH: { sla: '72H STATE NOTIFY', framework: 'StateRAMP \u00a77 + state breach law', channel: '#stateramp-incident', severity: 'HIGH', notify: 'COMPLIANCE,LEGAL,STATERAMP_PMO' },\n  FEDRAMP_CONMON_FINDING: { sla: '30D POA&M', framework: 'FedRAMP ConMon \u00a74.3', channel: '#fedramp-conmon', severity: 'HIGH', notify: 'ISSO,ENGINEER' },\n  SECTION_508_COMPLAINT: { sla: '30D RESPONSE', framework: '29 USC \u00a7794d + DOJ', channel: '#product-compliance', severity: 'MEDIUM', notify: 'PRODUCT,LEGAL' },\n  DATA_BREACH_CITIZEN_PII: { sla: '72H NOTIFY', framework: 'GDPR Art.33 + state breach', channel: '#privacy-incident', severity: 'HIGH', notify: 'DPO,LEGAL' }\n};\nconst e = $json;\nconst info = typeMap[e.incident_type] || { sla: 'REVIEW', framework: 'Internal', channel: '#govtech-compliance-ops', severity: 'MEDIUM', notify: 'COMPLIANCE' };\nreturn [{ ...e, ...info, detected_at: new Date().toISOString() }];"
      }
    },
    {
      "id": "3",
      "name": "Route by Severity",
      "type": "n8n-nodes-base.switch",
      "parameters": {
        "rules": {
          "values": [
            {
              "value1": "={{ $json.severity }}",
              "operation": "equal",
              "value2": "CRITICAL",
              "output": 0
            },
            {
              "value1": "={{ $json.severity }}",
              "operation": "equal",
              "value2": "HIGH",
              "output": 1
            }
          ]
        }
      }
    },
    {
      "id": "4",
      "name": "Slack CRITICAL @channel",
      "type": "n8n-nodes-base.slack",
      "parameters": {
        "channel": "={{ $json.channel }}",
        "text": "={{ 'CRITICAL GovTech Incident @channel | Type: ' + $json.incident_type + ' | SLA: ' + $json.sla + ' | Framework: ' + $json.framework + ' | Customer: ' + $json.customer_name + ' | Notify: ' + $json.notify + ' | Detected: ' + $json.detected_at }}"
      }
    },
    {
      "id": "5",
      "name": "Log to Postgres",
      "type": "n8n-nodes-base.postgres",
      "parameters": {
        "operation": "insert",
        "table": "govtech_security_incidents",
        "columns": "incident_type,severity,sla,framework,customer_name,detected_at",
        "values": "={{ [$json.incident_type, $json.severity, $json.sla, $json.framework, $json.customer_name, $json.detected_at] }}",
        "conflictAction": "ignore"
      }
    },
    {
      "id": "6",
      "name": "Respond 200",
      "type": "n8n-nodes-base.respondToWebhook",
      "parameters": {
        "respondWith": "json",
        "responseBody": "={{ { received: true, incident_type: $json.incident_type, sla: $json.sla, detected_at: $json.detected_at } }}"
      }
    }
  ]
}
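
In the Classify Incident node above, an unrecognised `incident_type` falls back to severity MEDIUM, which matches no rule in Route by Severity, and caller-supplied strings are concatenated straight into the Slack text. The following added example (not part of the original workflow pack) fails closed on unknown types, escapes Slack control characters, and derives a notify-by time from the clocks in the page's `typeMap`; `triageIncident`, `UNCLASSIFIED` and the output field names are assumptions.

```javascript
// Added example, not from the original workflow pack. Incident types,
// severities and clocks are copied from the page's typeMap; triageIncident,
// UNCLASSIFIED and the returned field names are hypothetical.
const HOUR_MS = 3600000;
const DAY_MS = 24 * HOUR_MS;

const INCIDENT_TYPES = {
  FEDRAMP_SECURITY_INCIDENT: { severity: 'CRITICAL', clockMs: HOUR_MS },
  CJIS_CJI_UNAUTHORIZED_ACCESS: { severity: 'CRITICAL', clockMs: 0 },
  IRS_FTI_UNAUTHORIZED_DISCLOSURE: { severity: 'CRITICAL', clockMs: 24 * HOUR_MS },
  CISA_KEV_EXPLOIT_DETECTED: { severity: 'CRITICAL', clockMs: 14 * DAY_MS },
  STATERAMP_DATA_BREACH: { severity: 'HIGH', clockMs: 72 * HOUR_MS },
  FEDRAMP_CONMON_FINDING: { severity: 'HIGH', clockMs: 30 * DAY_MS },
  SECTION_508_COMPLAINT: { severity: 'MEDIUM', clockMs: 30 * DAY_MS },
  DATA_BREACH_CITIZEN_PII: { severity: 'HIGH', clockMs: 72 * HOUR_MS },
};

// Slack interprets <!channel>, <@U123> and <url|text>. Escaping &, < and >
// keeps caller-supplied text inert inside the alert message.
const slackEscape = (s) =>
  String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Non-strings become '', long values are truncated before escaping.
const cleanText = (v, max) =>
  typeof v === 'string' ? slackEscape(v.trim().slice(0, max)) : '';

function triageIncident(body, receivedAt = new Date()) {
  const problems = [];
  const payload = body && typeof body === 'object' ? body : {};
  const reported = typeof payload.incident_type === 'string' ? payload.incident_type : '';
  // Tolerate case and separator differences, nothing else.
  const key = reported.trim().toUpperCase().replace(/[\s-]+/g, '_');
  // Own-property check, so inherited object keys can never match.
  const known = Object.prototype.hasOwnProperty.call(INCIDENT_TYPES, key);
  if (!known) problems.push('unknown incident_type');

  const customer = cleanText(payload.customer_name, 120);
  if (!customer) problems.push('missing customer_name');

  // Fail closed: an unclassifiable report is treated as the worst case
  // until a person has looked at it.
  const info = known ? INCIDENT_TYPES[key] : { severity: 'CRITICAL', clockMs: 0 };
  return {
    incident_type: known ? key : 'UNCLASSIFIED',
    reported_type: cleanText(reported, 64),
    customer_name: customer || 'UNKNOWN',
    severity: info.severity,
    detected_at: receivedAt.toISOString(),
    notify_by: new Date(receivedAt.getTime() + info.clockMs).toISOString(),
    needs_review: problems.length > 0,
    problems,
  };
}

// Constructed sample payloads and a fixed receive time.
const SAMPLE_RECEIVED = new Date('2025-01-01T00:00:00Z');
const SAMPLE_PAYLOADS = [
  { incident_type: 'irs_fti_unauthorized_disclosure', customer_name: 'Dept of Revenue <!channel>' },
  { incident_type: 'FEDRAMP_INCIDENT', customer_name: 'Agency A' },
  { incident_type: 'CISA_KEV_EXPLOIT_DETECTED' },
];

for (const p of SAMPLE_PAYLOADS) {
  console.log(JSON.stringify(triageIncident(p, SAMPLE_RECEIVED)));
}
```

Payload validation does not authenticate the sender: the Webhook node as shown sets only a path and method, so pair this with the node's Header Auth option or a network restriction, and route `needs_review` items to a person regardless of severity.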

5. Weekly GovTech Platform KPI Dashboard

Government contract renewals depend on demonstrable compliance posture, not just usage metrics. Your CEO and CISO need to see FedRAMP account counts, CJIS customer health, FTI scope exposure, and overdue compliance deadlines in a single weekly report.

This Monday 7 AM workflow runs two Postgres queries in parallel, merges platform and compliance metrics, computes week-over-week deltas using $getWorkflowStaticData, and sends a color-coded HTML email to the CEO with BCC to the CISO and CRO:

{
  "name": "Weekly GovTech Platform KPI Dashboard",
  "nodes": [
    {
      "id": "1",
      "name": "Monday 7 AM",
      "type": "n8n-nodes-base.scheduleTrigger",
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "cronExpression",
              "expression": "0 7 * * 1"
            }
          ]
        }
      }
    },
    {
      "id": "2",
      "name": "Fetch Platform Metrics",
      "type": "n8n-nodes-base.postgres",
      "parameters": {
        "operation": "select",
        "query": "SELECT COUNT(DISTINCT customer_id) as active_customers, COUNT(DISTINCT CASE WHEN tier IN ('ENTERPRISE_FEDERAL_SAAS','FEDRAMP_MODERATE_SAAS') THEN customer_id END) as fedramp_accounts, COUNT(DISTINCT CASE WHEN tier='PUBLIC_SAFETY_SAAS' THEN customer_id END) as cjis_accounts, COUNT(DISTINCT CASE WHEN tier='TAX_REVENUE_SAAS' THEN customer_id END) as fti_accounts, SUM(mrr_usd) as total_mrr, SUM(CASE WHEN created_at >= NOW()-INTERVAL '7 days' THEN mrr_usd ELSE 0 END) as new_mrr_7d FROM govtech_customers WHERE active=true"
      }
    },
    {
      "id": "3",
      "name": "Fetch Compliance Metrics",
      "type": "n8n-nodes-base.postgres",
      "parameters": {
        "operation": "select",
        "query": "SELECT COUNT(CASE WHEN urgency='OVERDUE' THEN 1 END) as overdue_deadlines, COUNT(CASE WHEN urgency IN ('CRITICAL','URGENT') THEN 1 END) as critical_deadlines, COUNT(CASE WHEN compliance_type LIKE 'FEDRAMP%' AND urgency='OVERDUE' THEN 1 END) as fedramp_overdue, COUNT(CASE WHEN compliance_type LIKE 'CJIS%' AND urgency='OVERDUE' THEN 1 END) as cjis_overdue, COUNT(CASE WHEN compliance_type LIKE 'IRS%' AND urgency='OVERDUE' THEN 1 END) as irs_1075_overdue FROM govtech_compliance_tracker WHERE created_at >= NOW()-INTERVAL '7 days'"
      }
    },
    {
      "id": "4",
      "name": "Merge Metrics",
      "type": "n8n-nodes-base.merge",
      "parameters": {
        "mode": "combine",
        "combinationMode": "multiplex"
      }
    },
    {
      "id": "5",
      "name": "Build HTML Report",
      "type": "n8n-nodes-base.code",
      "parameters": {
        "jsCode": "const prev = $getWorkflowStaticData('global');\nconst m = $input.all()[0].json;\nconst wow = (curr, key) => { const p = parseFloat(prev[key] || curr); const pct = p === 0 ? 0 : ((curr - p) / p * 100).toFixed(1); return pct >= 0 ? '+' + pct + '%' : pct + '%'; };\nconst red = (v) => v > 0 ? 'style=\"color:red\"' : 'style=\"color:green\"';\nconst html = '<h2>GovTech Weekly KPI - ' + new Date().toDateString() + '</h2>' +\n  '<table border=\"1\" cellpadding=\"6\">' +\n  '<tr><th>Metric</th><th>Value</th><th>WoW</th></tr>' +\n  '<tr><td>Active Customers</td><td>' + m.active_customers + '</td><td>' + wow(m.active_customers,'last_customers') + '</td></tr>' +\n  '<tr><td>FedRAMP Accounts</td><td>' + m.fedramp_accounts + '</td><td>--</td></tr>' +\n  '<tr><td>CJIS Accounts</td><td>' + m.cjis_accounts + '</td><td>--</td></tr>' +\n  '<tr><td>FTI Accounts</td><td>' + m.fti_accounts + '</td><td>--</td></tr>' +\n  '<tr><td>Total MRR</td><td>$' + Number(m.total_mrr).toLocaleString() + '</td><td>' + wow(m.total_mrr,'last_mrr') + '</td></tr>' +\n  '<tr><td>New MRR 7d</td><td>$' + Number(m.new_mrr_7d).toLocaleString() + '</td><td>--</td></tr>' +\n  '<tr><td>Overdue Deadlines</td><td ' + red(m.overdue_deadlines) + '>' + m.overdue_deadlines + '</td><td>--</td></tr>' +\n  '<tr><td>Critical Deadlines</td><td>' + m.critical_deadlines + '</td><td>--</td></tr>' +\n  '<tr><td>FedRAMP Overdue</td><td ' + red(m.fedramp_overdue) + '>' + m.fedramp_overdue + '</td><td>--</td></tr>' +\n  '<tr><td>CJIS Overdue</td><td ' + red(m.cjis_overdue) + '>' + m.cjis_overdue + '</td><td>--</td></tr>' +\n  '<tr><td>IRS 1075 Overdue</td><td ' + red(m.irs_1075_overdue) + '>' + m.irs_1075_overdue + '</td><td>--</td></tr>' +\n  '</table>';\n// Record the current values only after the deltas are computed; n8n persists the static data object itself.\nprev.last_mrr = m.total_mrr; prev.last_customers = m.active_customers;\nreturn [{ html, ...m }];"
      }
    },
    {
      "id": "6",
      "name": "Email CEO + BCC CISO",
      "type": "n8n-nodes-base.gmail",
      "parameters": {
        "to": "ceo@yourcompany.com",
        "bcc": "ciso@yourcompany.com,cro@yourcompany.com,compliance@yourcompany.com",
        "subject": "={{ 'GovTech Weekly KPI - ' + $now.format('YYYY-MM-DD') }}",
        "message": "={{ $json.html }}"
      }
    },
    {
      "id": "7",
      "name": "Slack #exec-kpis",
      "type": "n8n-nodes-base.slack",
      "parameters": {
        "channel": "#exec-kpis",
        "text": "={{ 'GovTech KPI: ' + $json.active_customers + ' customers | MRR $' + Number($json.total_mrr).toLocaleString() + ' | FedRAMP: ' + $json.fedramp_accounts + ' | CJIS: ' + $json.cjis_accounts + ' | FTI: ' + $json.fti_accounts + ' | Overdue: ' + $json.overdue_deadlines }}"
      }
    }
  ]
}

Why Self-Hosted n8n Is the Only Answer for GovTech

| Capability | Zapier / Make | Self-Hosted n8n |
|---|---|---|
| Inside FedRAMP ATO boundary | No -- external system | Yes -- deployed inside boundary |
| CJIS Management Control Agreement | No -- no FBI MCA | Yes -- internal system, no MCA needed |
| IRS TCC security review scope | No -- external processor | Yes -- boundary-internal, TCC-clean |
| StateRAMP authorized environment | No -- commercial multi-tenant | Yes -- deploy in StateRAMP env |
| CISA KEV patch control timeline | No -- vendor controls | Yes -- you control patch cadence |
| ConMon documentation | No -- not in ATO boundary | Yes -- documented in ATO system |
| Cost at 5M tasks/mo | $5,000+ | $60 VPS |

The self-hosting argument in GovTech is not a cost argument. It is an architecture compliance argument. Cloud automation platforms are categorically excluded from FedRAMP ATOs, CJIS policy areas, and IRS TCC boundaries. Self-hosted n8n is categorically included.

Free Workflow JSON: All 5 workflows above are ready to import. Get the full template pack (15 templates + PDF setup guides + Postgres schemas) at stripeai.gumroad.com.


These workflows are architectural illustrations. Validate all compliance timelines with qualified legal counsel before production deployment.
