Compliance Assessment Tool
for DoD Contractors and MSPs.

Easy enough for the self-reliant small-business.
Powerful enough for the compliance professional.

Compliance Assessment Platform

Perform an Assessment

NIST 800-171 contains 110 requirements. Assess your organization to determine where you stand. This is often referred to as a Gap Analysis or a Readiness Assessment.

Produce Formal Documentation

Create your System Security Plan (a formal document describing how you satisfy the 110 requirements) and POA&Ms (remediation plans for the requirements you don't satisfy).

Submit your Score

Generate your score based on your System Security Plan using the NIST SP 800-171 DoD Assessment Methodology, and submit it to DOD's Suppliers Performance Risk System.

Implement Remediations

Address the requirements you don't satisfy by changing configurations, deploying solutions, or updating your company policies.

Monitor & Update

Keep an eye on your organization, and update your documentation periodically to accurately reflect your security posture.

Compliance Assessment Platform

Compliance Assessment Platform

Built with Service Providers in Mind

More Efficient Engagements

Faster, more efficient client engagements with discounted assessments purchased only when you need them.

Everyone Working Together

Invite your team or client to participate in the assessment or simply view your progress.

Flexible, Multi-Tenant Design

Create as many isolated client-tenants as you need complete with independent administration.

Add Lasting Value to your Engagements

Leave your clients with access to their assessment and documentation after your engagement ends, or transfer ownership of the account entirely.

THE ONLY

Zero Trust SaaS

IN THE INDUSTRY
We take security as seriously as you do, but in the spirit of NIST's Zero Trust security model, we're not asking you to take our word for it. Your assessment data is auto-encrypted, keystroke-by-keystroke, with a unique encryption key you generate before it's sent to our servers.

We couldn't decrypt your data even if we wanted to.