/assess

Evaluates organizational readiness for StateRAMP authorization to provide cloud services to state/local governments at low/moderate impact level with optional target state.

Applies NIST 800-53 overlays (FedRAMP, DoD, Privacy, CMMC, etc.) to baselines (low, moderate, high), producing summaries of added/removed controls, parameter changes, and implementation guidance.

Evaluates FedRAMP 20X Key Security Indicators (KSI) compliance by category or all, using optional evidence path. Outputs status, automation readiness, gap analysis, and recommendations.

Performs structured gap analysis against compliance frameworks like FedRAMP or SOC2 for a given scope, generating assessment templates, interactive worksheets, gap summaries, heat maps, and remediation roadmaps.

Assesses CMMC v2.0 readiness for target level (1-3) with optional scope, producing compliance score, domain gaps, practice status, C3PAO preparation, and remediation roadmap.

Assesses HITRUST CSF readiness for specified type (i1, r2, e1) and optional scope, producing readiness score, domain breakdowns, gap analysis, and remediation roadmap.