[Draft] Content Management System

• Status: Active

• Last Modified: 2026-01-30

• Related Issue: #6559

• Deciders: Julius, Jay (contributors: Doug, Andy, Matt, Yan-Yin)

• Tags: cms, storyblok, drupal, content

Context and Problem Statement

Simpler.Grants.gov needs a content management system to 1) reduce the time it takes for content changes to get into production, 2) enable content creators to self serve, and 3) reduce the dependency on developers to make content changes. Current bottlenecks can delay critical updates by days or weeks and distract frontend developers from focusing on more impactful feature improvements.

Which content management system is best suited for Simpler.Grants.gov?

Decision Drivers

• Ease of integration into our tech stack (specifically Next.js) and development practices

• A robust/configurable "Preview ⇒ Approve ⇒ Publish" workflow that's compatible with our production, lower, and local development environments

• Role-Based Access Control (RBAC)

• Cost saving advantages of vendor-hosted vs. self-hosted

  • The pros of vendor-hosted being managed infrastructure, automated updates and patching, and enterprise support; the cons being less control and (mostly) the higher dollar cost

  • The pros of self-hosted being full control over the tech stack, configurability, customization, and how/where the data is securely stored; the cons being developer time for maintenance

• Open source (although a secondary concern, this is relevant to the project's principles)

• FedRAMP certification

Options Considered

Nava explored the current headless CMS SaaS market landscape. Four options stood out as most appropriate for Simpler.Grants.gov. We stood up sandbox demo instances, consulted with vendor support/sales teams, and completed technical spikes (implementing a static page in each technology) to thoroughly evaluate each option. All provide the functionalities required by Simpler, including custom roles & permissions and configurable publishing workflows.

• Storyblok

• Decoupled Drupal

• Directus

• Payload CMS

(Other options considered, but determined less appropriate: Liferay DXP, Oracle Content Management, Strapi, Ghost, Headless WordPress, Contentful, Sanity, Hygraph)

Decision Outcome

Chosen option: Storyblok ("Enterprise Elite" plan)

Storyblok is the most feature-rich option out-of-the-box, with more advanced features that we're likely to actually use than other options. The Office of Grants is also already very familiar with using Storyblok to manage content on the existing Grants.gov.

However, Storyblok is only recommended if Simpler.Grants.gov's static site content can be hosted on Storyblok's managed hosting. Storyblok offers the choice of US-based servers, but they are not FedRAMP certified. And the Storyblok support team does not recommend (or want to support) running their product outside of their own cloud servers.

Advantages:

• Short-term, we can get Storyblok set up and running quickly

• Medium-term, training OG staff will be simple (already trained on existing instance)

• Long-term, low maintenance burden directs more engineering resources to product development

Risks:

• Long-term, a non-FedRAMP solution might affect Simpler Grants' own FedRAMP Certification efforts

Alternative options:

2nd choice: Drupal (self-hosted)

If Storyblok cannot be chosen because managed hosting requires FedRAMP certification, we would instead recommend self hosting Drupal.

Drupal provides full compliance control through AWS GovCloud or similar FedRAMP infrastructure. Being open-source, with a long history of support from an active community, Drupal is likely to remain relevant for beyond the life of this project's current vendors/contracts.

A self-hosted Drupal instance is by far the least expensive option. Although it comes with a cost of developer time in maintenance, Nava engineers have a great deal of Drupal experience that can be leveraged to provide a simple, streamlined content management system solution.

3rd choice: Drupal (managed hosting)

If managed hosting is preferred and FedRAMP certification is a requirement, Acquia is the trusted provider of managed, FedRAMP-certified Drupal hosting. However, this is the most expensive option considered. It's far more expensive than developer time needed to manage a self-hosted Drupal instance. The service comes at a premium, and provides features and functionalities we'd likely not leverage, considering the basic needs Simpler.Grants.gov has of a content management system.

Feature & price comparisons

Estimates, based on conversations with each product's support/sales team:

Advantages & risks of the options

Storyblok

Storyblok is a great solution for our use case. It's more feature-rich than other options out-of-the-box. The ease of a hosted solution, and the straightforward requirements for supporting content in the application are appealing. Our evaluation spike required very little effort to set up a static page. And the experience for non-developers will be the most intuitive among the options.

Their pricing tiers are based on usage:

• Low | 100K API requests, 500 assets, 0.4TB traffic — $51,326/year

• Suggested (by Storyblok support) | 100K API requests, 2,500 assets, 1TB traffic — $64,152/year

• High | 1M API requests, 10K assets, 1TB traffic — $74,844/year

All tiers include: 10 user seats, 2 spaces (prod + non-prod), unlimited custom roles/workflows, US server location.

• Advantages

  • Office of Grants is already very familiar with using Storyblok to manage content

  • Best "WYSIWYG" visual editor that shows exactly how changes appear before publishing

  • Great separation of code and content, easy to integrate into out stack

  • Managed hosting (can choose to host on US-based servers only) keeps us up-to-date with the latest features, w/ zero maintenance burden on internal dev team

  • Very responsive support team (plan includes dedicated point of contact / solutions engineer)

• Risks

  • May prevent long-term FedRAMP certification for Simpler.Grants.gov

  • Not open-source

  • Includes fancy features we'd likely not leverage (e.g. AI content generation)

See Storyblok CMS Evaluation

Self-hosted Drupal

Drupal stands out as a battle-tested, enterprise-grade content management system for federal agencies modernizing digital services. With more than two decades of active development and a mature government user base, it is an open-source, secure, and scalable solution that lowers total cost of ownership without compromising on capabilities.

• Advantages

  • Open source (with a large community)

  • Significant cost savings ($0 licensing fees)

  • Nava expertise and experience (while reducing vendor lock-in with an open, competitive market of qualified government contractors ensuring flexibility)

  • Enterprise-grade security and compliance that's trusted across government (Drupal powers over 400 U.S. government websites, including VA, SEC, NASA, FEMA, Department of Energy, NIH, U.S. Courts…)

  • Rapid patch response from a dedicated security team and public vulnerability disclosure process that ensure swift mitigation of threats

  • Natively supports federal mandates: Section 508, FISMA, and FedRAMP-compliant implementations are standard practice

  • Handles millions of visitors per month for high-demand public sites

  • Flexible architecture for future needs

• Risks

  • Requires internal developer time to configure, maintain, upgrade, patch

  • Marginally increased AWS costs (esitimated $300/month)

  • Its generic, utilitarian UI/UX is not as intuitive or polished as Storyblok

Acquia

In addition to the benefits of self-hosted Drupal (listed above), Acquia provides enterprise-level managed hosting and support. It's the clear (only?) choice for FedRAMP-certified, managed Drupal hosting.

Cost is estimated at $168K–213K/year:

• FedRAMP Acquia Cloud Plus (5M views) and Enterprise Security Package: $92.5k

• Optional Add ons:

  • $75k Acquia Shield VPN/VPC

  • $45k Technical Account Management Team

(depends on secutity and support needs)

• Advantages

  • Managed hosting = less internal developer time maintaining, upgrading, patching

• Risks

  • More expensive than developer time needed to manage a self-hosted Drupal instance

  • Provides level of support we'd likely not leverage

See Acquia Drupal CMS Evaluation

Directus

Directus is a good choice regardless of hosting. It can be self-hosted "for free" (with a paid license).

Their most robust Tier 3 Enterprise Cloud plan is $3,200/month for a production environment + $800/month for an additional staging environment + $500/month for each additional sandbox environment. We'd need only production (which can handle the entire content workflow, with drafts and preview available in lower frontend environments) and one sandbox environment (for specific testing and development without affecting prod), which would be $35,520/year, including a 20% open-source/gov discount. However, it's quite possible their lower tiers would suffice — at $19,200/year for Tier 1, and $25,920/year for Tier 2.

If we prefer to self host, Directus requires an $1K/month license. With the 20% discount, this would be $9,600/year.

Regardless of hosting, additional user licenses are $15/month (10 are included).

Directus also provides basic support for $300/month (free with Enterprise Cloud plans) or premium support for an additional $300/month with either hosting option. Basic support will likely suffice for our implementation.

Advantages

• Kind of a middle ground between Drupal and Storyblok in terms of what they offer.

• Likely more user friendly than Drupal, while still being an open source offering.

• Ideal for developers who want full control over their database and who prefer to adapt the CMS to an existing schema. Intended for projects requiring a high degree of customization and flexibility (or with existing SQL/schemas).

• Since it can be self- or vendor-hosted, it would be a matter of preference.

Risks

• Not FedRAMP certified

• Although the code is open-source, it is unclear how the required licensing fee might affect cost and usage long-term

• Potentially more difficult to use than other options, and may require more customization

See Draft Directus CMS Evaluation

Payload CMS

Payload CMS is a newer, developer-focused content management system built for integrating tightly with Next.js applications. It's gaining rapid traction among Next.js developers. So we did our due diligence to understand its appropriateness for Simpler. In summary, Payload is very cool, but we'd not leverage its most impressive features.

• Advantages

  • Tightly coupled w/ Next.js

• Risks

  • Tightly coupling a non-critical service to a critical one is something we should try to avoid

  • Would require major code refactor

  • Self-hosted only (not a managed-hosting option)

See Payload CMS Evaluation