Garde1. CMMC readiness, automated from scope to assessment.

The Platform

One workspace for your entire CMMC program.

Every artifact, control, evidence record, remediation task, and audit export. All in one structured workflow. Six product modules, one continuous compliance system.

M01 · READINESS

LIVE

Readiness Dashboard

Live scoring across all 14 CMMC domains with drill-down to control-level evidence. Built for execs, audit-ready for assessors.

Access Ctl100%

Audit & Acct89%

Awareness8%

Config Mgmt55%

M02 · DOCUMENTS

SYNCED

Policy & Document Generation

20+ policies, the SSP, and POA&M generated against your real environment. Kept current automatically.

Access Control Policyv3.1

System Security PlanLIVE

POA&Mauto

IR Planv2.4

M03 · EVIDENCE

STREAMING

Evidence Collection

Stop chasing screenshots. Pull live evidence from the systems you already use, automatically mapped to controls.

M365 → AC family+47 art / 12s

AWS → AU/CM+12 art / 2m

Okta → IA142 enrolled

Splunk → SIlive stream

M04 · TASKS

7 OPEN

Remediation Tasks

Failed controls become assigned work. Owners, due dates, evidence requirements, and a re-check on completion.

Enable MFA · svc acctsP0 · 4d

Extend AU retentionP1 · 6d

CIS baseline · 3 VMsP1 · 9d

AT.L2 trainingP2 · 14d

M05 · AUDIT

READY

Audit Export · C3PAO Portal

Give assessors validated evidence without rebuilding the file cabinet. Role-based access, signed exports, full audit trail.

SSP packagepost-eval

Evidence indexsigned

Assessor accountread-only

Audit logtamper-evident

M06 · BOUNDARIES

SCOPING

Scope & Boundary Modeling

Map your CUI boundaries, classify systems, and model your network topology with guided workflows. The precision only an RPO could deliver, delivered as software.

CUI boundary definitionin scope

System classification16 systems

Network topologylive map

Asset inventoryauto-synced

The Lifecycle

Accelerate the full CMMC lifecycle with intelligently built software.

Evidence-driven roadmap and action plans get you CMMC Level 2 ready in weeks.

SCOPE → DOCUMENT → CONNECT → MEASURE → PROVE

01

Scope

Map CUI boundary, classify systems, build asset inventory.

CUI · ASSETS · BOUNDARY

02

Document

Policies, SSP, and SOPs are generated from your scope.

POLICIES · SSP · SOPs

03

Connect

Plug in identity, cloud, endpoint, SIEM via OAuth or agent.

20 CONNECTORS

04

Measure

Score controls against live evidence, not policy text.

110 CONTROLS

05

Prove

Open the C3PAO portal. Signed exports, full chain.

C3PAO PORTAL

† Maintain — drift detection and continuous monitoring keep you certified after assessment.

① Connected Systems

Microsoft 365

live

AWS Security Hub

live

Okta

live

CrowdStrike Falcon

live

Splunk Cloud

live

Google Workspace

live

Windows agent · 89 hosts

live

② Evidence Repository

MFA enrollment142 records

Audit log retentionCloudTrail · 90d

Endpoint baseline89 hosts

Vuln scan resultsTenable · daily

Network diagrammanual · v4

Privileged access logsEntra · 30d

Backup attestationmanual · q

          MOSTLY AUTO · SOME MANUAL · INDEXED BY CONTROL
        

③ Validated Controls

12s ago AC.L2-3.1.1 · Validated PASS

2m ago AU.L2-3.3.1 · Validated PASS

8m ago CM.L2-3.4.6 · drift detected DRIFT

14m ago SI.L2-3.14.6 · Validated PASS

1h ago AC.L2-3.1.3 · MFA gap FAIL

3h ago IA.L2-3.5.3 · Validated PASS

          ▲ +4.2% READINESS · 30D
        

Capabilities

Assessment-ready artifacts.

Designed for assessment readiness and persistent compliance demonstration.
Accurate artifacts, automated collection, and continuous monitoring.

CAP·01

Documents generated from your environment.

Policies come first, generated from a guided onboarding questionnaire, tailored to your scope. The System Security Plan follows after your first evaluation, so it reflects measured reality, not aspiration.

Upfront14 policies and assessment artifacts from guided onboarding
Post-evalSystem Security Plan grounded in measured evidence
LifecycleProcedures, SSP, POA&M added. Most orgs land at 20-25 docs
DriftFlagged when reality diverges from documents

policies & documents live

Media Protection Policy

Policy

Governs how CUI is protected on physical and digital media (e.g. USB drives, backups, printouts), including sanitization and disposal.

PolicyIn Progress

Physical Protection Policy

Policy

The "locks and keys" policy. Defines how you control physical access to buildings, server rooms, and areas where CUI is located.

PolicyIn Progress

Risk Assessment Policy

Policy

The framework for how your organization identifies, analyzes, and responds to cybersecurity risks.

PolicyIn Progress

Identification & Auth Policy

Policy

The "digital ID" policy. Defines how users and devices are uniquely identified and verified before they can access anything.

PolicyIn Progress

Personnel Security Policy

Policy

Defines security processes tied to people, such as background screening, transfers, and termination, to mitigate insider risks.

PolicyIn Progress

Maintenance Policy

Policy

Sets the rules for how system maintenance is performed securely, ensuring that CUI isn't exposed during repairs or updates.

PolicyIn Progress

CAP·02

Evidence collected from the systems you already run.

20 pre-built connectors plus a Windows agent pull live evidence into the controls they map to. No more screenshots. No more spreadsheets. No more "where is that PDF" at 2am.

IdentityMicrosoft Entra · Okta · Google Workspace · Duo
CloudAWS · Azure · GCP. Security Hub, Defender, SCC
EndpointCrowdStrike · SentinelOne · Defender · Intune
SIEM & VulnSplunk · Elastic · Tenable · Rapid7 · Qualys
On-premDeep MDM support for baseline-based remediation

integrations · 20 available connectors live

Search integrations…

Identity (4) Cloud Security (4) Compliance (4) Vulnerability Mgmt (3) SIEM (2) Endpoint (1)

Available Connectors (20)

Configured Integrations (7)

Cloud Security

Beta

Microsoft 365 Security Suite

MicrosoftCloud Security

Comprehensive Microsoft 365 security including Defender for Endpoint, Intune device management, Purview data protection, and…

aws

AWS Security Suite

AWSCloud Security

Comprehensive AWS security suite including CloudTrail, Config, GuardDuty, and Security Hub.

Beta

Google Workspace Security

GoogleCloud Security

Google Workspace security features including device management, mobile security, and data protection.

CAP·03

Continuous evaluation against real evidence.

Garde1 scores controls against the actual configuration of your stack, not the policy text. When a control drifts, you know within hours, not at the next assessment.

CadenceWeekly automated runs · on-demand at Enterprise
ScoringSPRS ≥ 88 pass minimum · <85% fail · 85-99% triggers 180-day POA&M
DetectionRegressions caught within ~6h of config change
RoutingFailed controls auto-create owned tasks with re-checks

compliance status by domain live

Access Control

22 Controls

Limit information system access and protect against unauthorized access to CUI

Compliance100%

22 Compliant

Audit and Accountability

9 Controls

Create, maintain, and protect audit records to enable monitoring and investigation

Compliance89%

8 Compliant1 Not Assessed

Awareness & Training

3 Controls

Ensure personnel are trained to recognize and respond to cybersecurity threats

Compliance0%

3 Not Assessed3 Need Evidence

Configuration Management

9 Controls

Establish and maintain baseline configurations and inventories of systems

Compliance33%

3 Compliant2 Non-Compliant

Identification & Authentication

11 Controls

Verify the identities of users, processes, and devices

Compliance41%

4 Compliant1 Partial

Incident Response

3 Controls

Detect, respond to, and recover from cybersecurity incidents

Compliance100%

3 Compliant3 Need Evidence

CAP·04

The Agent.Compliance answers, never guesses.

Agent is a deterministic compliance copilot grounded in our CMMC model, not the open internet. Ask it about a control, an objective, or a gap in your environment. Every answer is black-and-white, cited, and tied to your real evidence.

SourceGrounded in our CMMC model · no open-web lookup
CitationsEvery answer cites control · objective · evidence
ContextReads your real environment before answering
UseDaily Q&A · onboarding · audit prep · assessor interviews

agent · grounded compliance model online

You

You · 2m ago

A

Agent · now

CITEDNIST SP 800-171 rev2 · §3.1.3

EVIDENCEEntra ID · 4 svc accts · synced 12s ago

FIXTask assigned · security lead · due 4d

You

You · now

Pricing

Priced like software,
not consulting.

Traditional consulting can run $50K-$200K and still leave you with manual evidence work.

Garde1 gives you a structured software workflow that stays active continuously, before, during, and after your assessment.

Try free for 14 days (no credit card required)

Feature	Trial Free · 14 days	Starter $1,999/mo	Professional $3,499/mo	Enterprise Custom
Max Users	5	3	25	Unlimited
Connectors	2	1	3	Unlimited
Assessment Boundaries	✓	✓	✓	Unlimited
Assessments / Month	3	5	20	Unlimited
Assessment SLA	—	24-48h	4-8h	1-2h
SSO	—	—	✓	✓
SCIM Provisioning	—	—	—	✓
API Access	—	—	✓	✓
Remediation Workflow	—	—	✓	✓
Audit Logs	—	—	—	✓

Partners · MSP / RPO

Managing CMMC for multiple clients?

Multi-tenant management, partner portal, co-branding, and volume pricing for Managed Service Providers and Registered Practitioner Organizations.

Speak with a Representative

One workspace for your entire CMMC program.

Readiness Dashboard

Policy & Document Generation

Evidence Collection

Remediation Tasks

Audit Export · C3PAO Portal

Scope & Boundary Modeling

Accelerate the full CMMC lifecycle with intelligently built software.

① Connected Systems

② Evidence Repository

③ Validated Controls

Assessment-ready artifacts.

Documents generated from your environment.

Evidence collected from the systems you already run.

Continuous evaluation against real evidence.

The Agent.Compliance answers, never guesses.

Priced like software,not consulting.

Managing CMMC for multiple clients?

Build and verify your CMMC Level 2 readiness before the clock runs out.

Priced like software,
not consulting.