CMMC Level 2 Required for DoD Contracts by November 10, 2025 · Get Assessment-Ready in 30 Days

AuditKit

Stop paying $50K per framework. One scanner, five frameworks, four cloud providers.

SOC2 PCI-DSS CMMC L1 HIPAA NIST 800-53
View on GitHub Quick Start Get Pro ($297/mo)

The Problem

Compliance is Expensive

Consultants charge $50K+ per framework. SOC2, PCI, HIPAA, CMMC? That's $200K just to understand what you're missing.

Tools Don't Tell You What to Fix

Cloud security scanners find issues but don't explain how to fix them or what evidence auditors need.

Manual Evidence Collection Sucks

Spending weeks taking screenshots and compiling evidence packages for auditors is mind-numbing work.

The Solution

$ auditkit scan -provider aws -framework soc2 -verbose
# Scanning 64 SOC2 controls across AWS...

✗ FAIL | CC6.6 | MFA Not Enforced Evidence: 3 IAM users without MFA: admin-user, deploy-bot, john.doe Remediation: aws iam enable-mfa-device --user-name admin-user Screenshot Guide: IAM → Users → Security credentials → Show MFA enabled Console URL: https://console.aws.amazon.com/iam/home#/users

✓ PASS | CC6.1 | CloudTrail Logging Enabled Evidence: CloudTrail enabled in all regions, logs encrypted Frameworks: SOC2 (CC6.1), PCI-DSS (10.2.2), CMMC (AU.L2-3.3.1)

# Scan complete: 58/64 passing (91%) # PDF report: compliance-report.pdf # Evidence tracker: evidence-tracker.html

Multi-Cloud Coverage

One tool. Four cloud providers. Stop juggling separate scanners.

4
Cloud Providers
210+
Total Checks
5
Frameworks
$0
Free Version Cost

AWS

64+

IAM, S3, EC2, CloudTrail, KMS, RDS, VPC

Azure

64+

Entra ID, Storage, NSGs, SQL, Key Vault

GCP

170+

Cloud Storage, IAM, Compute, SQL, KMS, Logging

Microsoft 365

29+

Entra ID via ScubaGear integration

Free Version

  • SOC2 complete (64 controls)
  • PCI-DSS v4.0 (30+ controls)
  • CMMC Level 1 (17 practices)
  • AWS, Azure, GCP, M365
  • PDF/HTML/JSON reports
  • Evidence collection guides

Pro Version ($297/mo)

  • CMMC Level 2 (110 practices)
  • GCP Advanced (GKE + Vertex AI)
  • Multi-account scanning
  • Evidence package generator
  • Continuous monitoring daemon
  • Drift detection
  • Priority support
Learn More

Installation

# Quick install (Go required) go install github.com/guardian-nexus/auditkit/scanner/cmd/auditkit@latest
# Or build from source git clone https://github.com/guardian-nexus/auditkit.git cd auditkit/scanner && go build ./cmd/auditkit
# Run your first scan ./auditkit scan -framework soc2 -format pdf -output report.pdf
# Multi-framework scan ./auditkit scan -framework all -format pdf
# Azure scan az login export AZURE_SUBSCRIPTION_ID="your-subscription-id" ./auditkit scan -provider azure -framework soc2
# GCP scan gcloud auth application-default login export GOOGLE_CLOUD_PROJECT="your-project-id" ./auditkit scan -provider gcp -framework soc2

Who Should Use This

Perfect For

  • Defense contractors needing CMMC compliance
  • Startups facing SOC2 + PCI + HIPAA simultaneously
  • Companies quoted $50K+ per framework
  • Engineers who prefer fixing things themselves
  • Multi-cloud organizations
  • Teams tired of running 5 different scanners

NOT For You If

  • You need someone to do compliance for you
  • You want a magic "pass audit" button
  • You need vendor certifications
  • You require hand-holding

Need CMMC Level 2?

Required for DoD contractors handling CUI. Assessment-ready in 30 days vs 6+ months.

110
CMMC Level 2 Practices
30
Days to Assessment-Ready
$297
Per Month
$146K
Savings vs Traditional
Start 14-Day Free Trial

$297/month • Assessment-ready in 30 days • Cancel anytime