Principle Security Principle Security.

Free interactive assessment

Map your security stack to the frameworks that matter

Tell us what tooling you run. We map it to CIS Controls v8, NIST CSF 2.0, CMMC 2.0, HIPAA, and SOC 2 — showing your coverage, your gaps, and where a tool can't help and program work begins.

Step 1

What's in your stack?

Search for products you use, or select tooling categories directly. Pick a framework to assess against.

Assess against

No tooling selected yet.

Step 2

Your coverage

Select your tooling, choose a framework, and hit Analyze my coverage.

How this works

Methodology & honest limits

We map each tooling category to the CIS Controls v8 safeguards it can help satisfy. Other frameworks (NIST CSF 2.0, CMMC 2.0, HIPAA, SOC 2) are assessed by mapping their control groups to those same CIS safeguards — so your tooling flows through one consistent bridge. These are indicative mappings for gap analysis, not an audit or compliance attestation.

Coverage means capability, not proof. Owning a tool doesn't mean it's configured, tuned, or operating effectively — that's where program work lives. We also flag safeguards that no tool can satisfy (process, policy, people). Those aren't a shopping list; they're the work of a security program.

Turn this map into a plan.

A gap list is a start. We build the program that closes it — prioritized, evidenced, and examiner-ready.