Oh I see what you mean! I think I'll keep with either centos or redhat due to the ability to receive updates on vulnerabilities then. FedRamp stuff does require CVEs to be handled in a timely fashion.
Compliance and security are extremely important. Because of Talos’ single purpose nature and extreme small size it hasn’t needed patches for the recent “big” CVEs (xz utils, SSH, etc) because we don’t even have that software present.
FWIW Talos has DoD users from multiple countries. The areas that need a lot of security have repeatedly chosen Talos when they compare it to traditional Linux distros.