Multi-Framework Readiness Snapshot™
Where do you actually stand against the framework your auditor reads — today, from your live cloud telemetry? NIST CSF and CMMC 2.0 live today; SOC 2, ISO 27001, HIPAA, PCI-DSS, and GDPR by request. Ten-question intake plus up to five optional read-only connectors (AWS, Azure, Microsoft 365, Okta, CrowdStrike). Per-framework gap matrix PDF in your inbox within hours. $1,995 credits 100% to month-1 of any tier within 30 days.
Aegis AI™ vCISO subscription tiers
Five tiers. Same framework scope — NIST CSF and CMMC 2.0 live today; SOC 2, ISO 27001, HIPAA, PCI-DSS, and GDPR by request. Different cadence, entity coverage, and concierge level. The $1,995 Snapshot credits to month 1 of any tier within 30 days. Annual prepay is 10× monthly — one month free.
Sentinel
- Map to whichever framework your auditor reads (NIST CSF + CMMC 2.0 live; others by request) every cycle
- Monthly validation cycle
- One legal entity
- Email support, business hours
- Standard audit-defense exhibits
Guardian
- Map to whichever framework your auditor reads (NIST CSF + CMMC 2.0 live; others by request) every cycle
- Bi-weekly validation cycle
- One legal entity
- Email + chat support
- Quarterly board narrative
Vanguard
- Map to whichever framework your auditor reads (NIST CSF + CMMC 2.0 live; others by request) every cycle
- Weekly validation cycle
- Up to 3 legal entities
- Email + chat + Slack Connect
- Named customer success manager
- Monthly board narrative
- Enhanced audit defense
Fortress
- Map to whichever framework your auditor reads (NIST CSF + CMMC 2.0 live; others by request) — continuously
- Continuous (daily) validation
- Up to 10 legal entities
- Concierge SLA, 15-min P0 response
- Named escalation contact
- Audit-defense exhibit assembly
- Quarterly board + audit committee narrative
Sovereign
- Map to whichever framework your auditor reads (NIST CSF + CMMC 2.0 live; others by request) — continuously
- Continuous validation
- Unlimited legal entities
- Dedicated IR runbook
- Two named contacts, highest priority queue
- M&A-grade control mapping
- Board + audit committee + ad-hoc
OFAC and Authorized Signatory certification required at checkout. Service is for organizations not subject to U.S. sanctions and signed by an officer authorized to bind the company. Custom MSA, regulated industry overlays (FedRAMP, IL5+, FINRA, HITRUST inheritance), or scopes beyond unlimited: [email protected].
Tier comparison matrix
| Feature | Sentinel | Guardian | Vanguard | Fortress | Sovereign |
|---|---|---|---|---|---|
| Price / month | $4,500 | $8,500 | $17,000 | $33,500 | $60,000 |
| Price / year | $45,000 | $85,000 | $170,000 | $335,000 | $600,000 |
| NIST CSF 2.0 (live) | ✓ | ✓ | ✓ | ✓ | ✓ |
| CMMC 2.0 (live) | ✓ | ✓ | ✓ | ✓ | ✓ |
| SOC 2 (by request*) | by request* | by request* | by request* | by request* | by request* |
| ISO 27001 (by request*) | by request* | by request* | by request* | by request* | by request* |
| HIPAA (by request*) | by request* | by request* | by request* | by request* | by request* |
| PCI-DSS v4.0 (by request*) | by request* | by request* | by request* | by request* | by request* |
| GDPR (by request*) | by request* | by request* | by request* | by request* | by request* |
| * Live framework coverage = NIST CSF 2.0 + CMMC 2.0 today. SOC 2, ISO 27001, HIPAA, PCI-DSS, and GDPR are onboarded per engagement — reply to [email protected] with your audit timeline and we’ll confirm ETA before you commit. | | | | | |
| Validation cycle | Monthly | Bi-weekly | Weekly | Continuous (daily) | Continuous |
| Legal entities | 1 | 1 | Up to 3 | Up to 10 | Unlimited |
| Support channel | Email, business hours | Email + chat | Email + chat + Slack Connect | Concierge SLA | Highest priority queue |
| P0 response SLA | Same business day | Same business day | Same business day | 15 minutes | 15 minutes, named backup |
| Named contact | — | — | Named CSM | Named escalation | Two named contacts |
| Audit-defense exhibit assembly | Standard | Standard | Enhanced | ✓ | ✓ |
| Board narrative | — | Quarterly | Monthly | Quarterly board + audit committee | Board + audit committee + ad-hoc |
| M&A-grade control mapping | — | — | — | — | ✓ |
| Dedicated IR runbook | — | — | — | — | ✓ |
| $1,995 Snapshot credit (30 days) | ✓ | ✓ | ✓ | ✓ | ✓ |
How cancellation works
Subscriptions are monthly (or prepaid annual). Month-to-month, no long-term contract. Full mechanics and refund terms on the Refund Policy page.
What every tier includes
- Read-only telemetry connectors. AWS, Azure, Microsoft 365, Okta, CrowdStrike. Configured in minutes, revocable in 30 seconds. Configuration metadata only — no PHI, PCI cardholder data, or customer data harvested.
- Multi-framework control matrix. NIST CSF and CMMC 2.0 live today; SOC 2, ISO 27001, HIPAA, PCI-DSS, and GDPR by request. Every applicable control mapped to live evidence with SHA-256 hash and validation timestamp.
- Audit-ready binder. Pre-staged in the format your CPA firm, certification body, HIPAA assessor, or PCI QSA consumes during fieldwork.
- Risk register + POA&M. Every open gap with owner, target date, framework cross-reference, refreshed every cycle.
- Executive summary. One-page snapshot of posture across your in-scope frameworks, suitable for an internal weekly review or a board pre-read.
- DPA + BAA on request. Industry-standard Data Processing Addendum at every tier. HIPAA Business Associate Agreement available where applicable.
Aegis AI™ is not an auditor. SOC 2 attestations come from independent CPA firms; ISO 27001 certifications from accredited certification bodies; HIPAA from your designated assessor; PCI Reports on Compliance from independent QSAs. Aegis AI is the readiness software you use before they arrive.