NIST 800-53 r5 seeded with full FedRAMP Low / Moderate / High baseline tagging. The baseline posture rollup answers the readiness question every FedRAMP-pursuing tenant asks.
For each FedRAMP baseline (Low, Moderate, High): your coverage, your passing rate, your average maturity. The view your 3PAO will ask for, available in the same dashboard your security team uses operationally.
Surfaces erosion before the re-authorization deadline. Weekly digest emails the GRC lead with the top divergent rows. PDF export for working papers.
Single-archive export bundles Decision Audit, Finding Lifecycle, Score Override Report, AI Generation Log, User Activity Log, and every assessment PDF for a date range. Manifest is signed for independent integrity verification — exactly what your 3PAO needs for the SAR package.
20 control families, 500+ controls plus enhancements. Cross-mapped to NIST CSF 2.0, ISO 27001, and SOC 2 — so a control rated for FedRAMP also establishes posture in the frameworks your commercial customers ask about.
FedRAMP baseline rollup is included in Enterprise.