Free self-assessment — no account required

Know where you stand.
Fix what's broken.

Guided compliance assessments for defense contractors and federal vendors. Get a prioritized gap report in under 20 minutes — no consultant required.

CMMC Level 1 · NIST CSF 2.0 · NIST 800-53 Rev 5 · FedRAMP Tailored

  • Frameworks covered: 4
  • Controls mapped: 89
  • Plain-English questions: 267
  • Data collected: 0

Small contractors have three bad options

If you're a 20-person defense contractor in Northern Virginia trying to get CMMC-compliant, your current options all have serious problems.

Option 1: Hire a full-time GRC analyst
Deep expertise, but most small contractors can't justify a dedicated security hire before they've won the contracts that require it.
$80–100k/year

Option 2: Pay a consulting firm
Point-in-time assessment that goes stale in 6 months. You get a report, not a program. And you're back to square one next year.
$15–50k per engagement

Option 3: Wing it with a spreadsheet
Most common option. No prioritization, no guidance, no evidence structure. Hope you pass the audit — and hope the auditor doesn't ask hard questions.
$0 now, unknown later

Every framework that matters for federal work

Built from real control validation experience — not a framework PDF. Each assessment maps plain-English questions to actual controls, with remediation guidance written for your environment.

DoD / Defense
CMMC Level 1
Required for all DoD contractors handling Federal Contract Information. 17 practices across 6 domains. The entry point for any defense contractor.
17 practices · 51 questions · 6 domains
General
NIST CSF 2.0
The updated cybersecurity framework with the new Govern function. Applicable to any organization. Good starting point if you're not sure where to begin.
18 categories · 54 questions · 6 functions
Federal
NIST 800-53 Rev 5
The federal security control catalog. Required for FISMA compliance and ATO packages. Scoped to the 10 control families that matter most for your environment.
30 controls · 90 questions · 10 families
FedRAMP
FedRAMP Tailored
The lightest FedRAMP baseline for low-impact SaaS vendors selling to federal agencies. The realistic entry point for small software companies pursuing federal customers.
24 controls · 72 questions · 8 families

A guided audit, not a checklist

Each section walks you through the controls that matter, in plain English, with context for why they matter and exactly what to do if you're failing.

1. Pick your framework
Choose the standard that applies to your situation. Not sure? Start with CMMC Level 1 if you have DoD contracts, or NIST CSF 2.0 for a broader baseline.

2. Answer the questions
Work through plain-English questions organized by control family. Yes, No, Partial, or N/A. No jargon. No framework citations. Just real questions about your real environment.

3. Get your gap report
See your compliance score, every failing control sorted by risk level, and specific remediation steps for your environment — not generic guidance copy-pasted from a framework document.

Start free. Upgrade when you're ready.

The assessment is free forever. Pro features are for organizations that need saved results, document generation, and ongoing monitoring.

Free
$0
forever
  • All 4 framework assessments
  • 267 plain-English questions
  • Real-time compliance scoring
  • Prioritized gap report
  • Remediation guidance per control
  • No account required
Pro
$599
per month
  • Everything in Growth
  • All frameworks
  • Multi-user access
  • White-glove onboarding call
  • Priority support
  • Expert review add-on ($299 flat)

Get notified when Pro launches

Drop your email and we'll let you know when saved assessments, document generation, and the evidence locker go live. No spam.

No spam. Unsubscribe anytime. We don't sell your data.