Sentinel is the entry point for putting a virtual CISO inside your tenant on a monthly cycle. Aegis AI™ runs read-only against your AWS, Azure, Microsoft 365, Okta, or CrowdStrike telemetry and refreshes your control matrix, evidence binder, risk register, and POA&M every 30 days — mapped to whichever framework your auditor reads. NIST CSF and CMMC 2.0 live today; SOC 2, ISO 27001, HIPAA, PCI-DSS, and GDPR by request. Your security leader reviews and approves before anything reaches the auditor.
What Sentinel covers
- Mapped to whichever framework your auditor reads. NIST CSF 2.0 and CMMC 2.0 live today; SOC 2 Trust Services Criteria, ISO 27001 Annex A, HIPAA Security Rule, PCI-DSS v4.0, and GDPR Article 32 controls onboarded per engagement (by request). Sentinel is not a single-framework tool — the scope of available coverage is the same as Sovereign. What changes across tiers is cadence, entity count, and concierge level, not framework breadth.
- Monthly control validation cycle. Aegis AI runs your full control matrix on a 30-day rhythm. Each cycle produces a refreshed evidence binder, an updated risk register, and a POA&M with target close dates.
- One legal entity. Sentinel scope is a single corporate entity — one VAT/EIN, one production tenant per cloud, one Okta org. If your control plane spans subsidiaries, Vanguard or higher is the right starting point.
- Email support during business hours. Reach [email protected] for any question about the work product. Same-business-day reply, Monday through Friday.
- Audit-ready binder. Each control objective mapped to the evidence artifact, the source system, the responsible owner, and the last validation timestamp. Your CPA, certification body, HIPAA assessor, or PCI QSA opens it and starts validating, not asking for clarification.
The 30-day cycle, in plain English
- Minute 0. Stripe processes your subscription. Welcome email + intake link.
- Minutes 5–15. Intake. Connectors. Read-only, revocable in 30 seconds.
- Hours 1–8. First scan. First deliverable bundle: control matrix mapped to your chosen framework, evidence binder, risk register, POA&M, executive summary. All reviewed before send.
- Day 30. Second cycle. Drift since the last cycle is flagged; new evidence is captured; the POA&M reflects what closed and what slipped.
- Every 30 days thereafter. Same cycle. Card on file charged $4,500 monthly until you cancel in your Stripe billing portal.
What Sentinel is good for
Security leaders who have one production environment, one cloud footprint, and an audit on the horizon — NIST CSF or CMMC 2.0 live today, or SOC 2 Type II, ISO 27001, HIPAA, PCI, GDPR by request. You want continuous control validation without hiring a full-time vCISO consultant, and you can absorb a 30-day refresh cadence between auditor walk-throughs. If your scope grows or your cadence needs tighten, you move up to Guardian, Vanguard, Fortress, or Sovereign without re-implementation.
What Sentinel is not
- Not a substitute for your auditor. SOC 2 attestations come from CPA firms; ISO 27001 certifications come from accredited certification bodies; HIPAA and PCI from independent assessors and QSAs. Aegis AI is the readiness software you use before they arrive.
- Not multi-entity. One legal entity per Sentinel subscription. If your control plane spans more than one corporate entity, see Vanguard (up to 3) or Fortress (up to 10).
- Not weekly or continuous. If you need a tighter cycle, see Guardian (bi-weekly), Vanguard (weekly), or Fortress / Sovereign (continuous).
Start your subscription
$4,500/month, billed monthly. Annual prepay: $45,000/yr (one month free). Month-to-month flexibility — see the Refund Policy for full cancellation mechanics. If you ran the $1,995 Multi-Framework Readiness Snapshot in the last 30 days, it credits 100% to month one.
OFAC and Authorized Signatory certification required at checkout. Service is for organizations not subject to U.S. sanctions and signed by an officer authorized to bind the company.