CMMC NOW IN EFFECT: All new DoW contracts now require CMMC compliance

Find Every Gap Before Your Auditor Does

Multi-cloud compliance scanning with specific remediation for every finding. CLI scanner for engineers. Desktop dashboard for teams. Evidence packages your auditor expects.

SOC2 • PCI-DSS v4.0 • CMMC L1 + L2 • HIPAA • CIS Benchmarks • NIST 800-53 • ISO 27001 • FedRAMP

  • 350+ Automated Checks
  • 9 Compliance Frameworks
  • 4 Cloud Providers
  • 30 min To Full Results

14-day free trial • $297/month after trial • Cancel anytime

Stop Paying Consultants to Run Scans

What AuditKit Replaces

AuditKit replaces expensive consultants, not your auditors. You still need your auditor for official certification -- CPA for SOC2, QSA for PCI-DSS, C3PAO for CMMC -- but you arrive at that assessment already knowing:

  • Exactly which controls you're failing
  • Specific AWS/Azure/GCP configurations to fix
  • What evidence your auditor will ask for
  • That you'll pass before paying the assessment fee

Traditional approach

Pay consultants $50K to tell you what's wrong, then pay auditors to verify you fixed it.

AuditKit approach

Pay $297/month to know what's wrong, fix it yourself, then pay your auditor knowing you'll pass.

That's $46,000+ back in your budget.

One Platform, Two Interfaces

A CLI scanner for engineers who automate everything, and a desktop dashboard for teams who need visibility. Both included.

CLI Scanner

Terminal-based scanning for engineers. Run compliance checks from your command line, integrate with CI/CD pipelines, automate with cron. Works in air-gapped environments with zero external dependencies.

  • 350+ automated checks across 9 frameworks
  • AWS, Azure, GCP, Microsoft 365
  • PDF, HTML, JSON, CSV output
  • Fix scripts for every finding

./auditkit-pro scan -framework soc2 -verbose

Desktop GUI

Everything the CLI does, made visual. A local web dashboard with real-time compliance scores, findings explorer, scan history, and evidence management. Runs in your browser, no cloud dependencies.

  • Real-time compliance scores and trends
  • Search and filter findings by severity
  • Scan history with drift tracking
  • Evidence package management

./auditkit-pro-desktop --port 1337

Desktop GUI

Web-based dashboard that runs locally. No cloud dependencies. Air-gap compatible.

Visual Dashboard

Real-time compliance scores, trends, and critical findings at a glance. Track progress across all your cloud accounts and frameworks.

Scan History & Findings

Browse all past scans with search and filtering. Drill into findings by severity, framework, or provider. Export to PDF/HTML/CSV.

Everything in One Place

Evidence packages, exception management, drift detection, and scheduled scans -- all accessible from your browser. No cloud account required.

# Run the Desktop GUI
./auditkit-pro-desktop
# Browser opens to http://localhost:1337

# Change port if needed:
./auditkit-pro-desktop --port 8080

How It Works

# 1. Install AuditKit (GitHub access provided after signup)
git clone git@github.com:guardian-nexus/auditkit-pro.git
cd auditkit-pro/scanner
go build ./cmd/auditkit-pro

# 2. Run your first compliance scan (30 minutes)
./auditkit-pro scan -provider aws -framework soc2 -verbose

# Output shows you exactly what's failing and how to fix it
✗ FAIL | CC6.6 | MFA Not Enforced
  → 3 IAM users without MFA: admin-user, deploy-bot, john.doe
  → Remediation: aws iam enable-mfa-device --user-name admin-user
  → Evidence needed: IAM console screenshot showing MFA enabled

✓ PASS | CC6.1 | CloudTrail Logging Enabled
  → Frameworks: SOC2 (CC6.1), PCI-DSS (10.2.2), CMMC (AU.L2-3.3.1)

# 3. Fix issues and re-scan (unlimited)
./auditkit-pro scan -provider aws -framework soc2 -verbose

# 4. Generate auditor-ready evidence package
./auditkit-pro evidence-package -framework soc2 -output ./audit-evidence

# 5. Walk into your audit knowing you'll pass
✓ 64/64 controls passing - ready for assessment

Built for CMMC Level 2

All 110 CMMC Level 2 practices automated. Know exactly what to fix before your C3PAO assessment.

  • 110 CMMC L2 Practices
  • 30 min To Identify All Gaps
  • $50K+ Savings vs Consultants
  • 4 Cloud Providers

Defense Contractors

CMMC is now in effect for all new DoW contracts. AuditKit scans all 110 Level 2 practices across your AWS, Azure, GCP, and M365 environments, generates C3PAO-ready evidence packages, and gives you specific remediation commands for every gap.

The Community Edition covers CMMC Level 1 (17 practices) for free. AuditKit adds all 110 Level 2 practices, multi-account scanning, evidence packages, and continuous monitoring.

# CMMC Level 2 scan with evidence package
./auditkit-pro scan -provider aws -framework cmmc -verbose

✗ FAIL | AC.L2-3.1.3 | CUI access controls missing
  → Remediation: aws iam create-policy \
      --policy-document file://cui-policy.json
  → Evidence needed: IAM policy JSON + console screenshot

# Generate C3PAO-ready evidence package
./auditkit-pro evidence-package -framework cmmc -output ./cmmc-evidence

✓ Evidence package generated: cmmc-evidence.zip

Core Features

Multi-Account Scanning

Scan entire AWS Organizations, Azure Management Groups, and GCP Folders with one command. Unified compliance reports across all accounts. Perfect for separate dev/staging/prod environments.

./auditkit-pro scan -framework soc2 --org-scan

Evidence Packages

Generates auditor-ready ZIP files with configuration dumps, logs, and documentation in the format auditors expect. Saves 40+ hours of manual evidence collection per assessment.

./auditkit-pro evidence-package -framework soc2

Custom Controls NEW

Define your own security checks in YAML. Create organization-specific controls, tag requirements, naming conventions, and resource count validations. Execute custom checks alongside built-in frameworks.

./auditkit-pro scan --custom-controls my-controls.yaml

Continuous Monitoring

Scheduled scans with automated alerting via syslog, email, or webhook. Detects compliance drift in real-time between assessments. Air-gapped friendly.

./auditkit-pro daemon start -schedule "0 2 * * *"

Drift Detection

Compare dev/staging/prod environments to identify configuration drift. Ensures consistent security posture across all environments before your audit.

./auditkit-pro drift-check -environments "dev,prod"

Offline Mode

Cache scan results locally for air-gapped environments. Run scans without cloud connectivity, replay cached results anytime. Essential for classified networks.

./auditkit-pro scan --offline --cache-file scan.json

Auditor-Ready Evidence Packages

The evidence-package command generates organized ZIP files with evidence for every control.

audit-evidence/
├── 00-AUDIT-README.md            # Instructions for auditors
├── 00-EXECUTIVE-SUMMARY.md       # High-level summary
├── 01-compliance-report.pdf      # PDF report
├── 01-compliance-report.html     # HTML report (interactive)
├── 02-scan-results.json          # Machine-readable results
├── 03-failed-controls/           # Evidence for failed controls
│   ├── AC.1.001-access-control/
│   │   ├── README.md             # Control details
│   │   ├── evidence.txt          # Scan evidence
│   │   ├── screenshot-guide.md   # Verification steps
│   │   ├── console-urls.txt      # Direct links
│   │   └── remediation.sh        # Fix script
├── 04-passed-controls/           # Evidence for passed controls
├── 05-manual-controls/           # Manual verification needed
└── audit-evidence.zip            # Complete ZIP archive

What AuditKit Finds

Representative scenarios from real compliance scans.

CMMC Level 2 Scan

Defense contractor • AWS + Azure

23 gaps identified in 28 minutes across access control, audit logging, and CUI handling. Specific remediation commands for each. Evidence package generated for C3PAO review.

SOC2 Audit Prep

SaaS company • AWS

Evidence package replaced 40+ hours of manual screenshot collection. PDF report, JSON export, and organized evidence ZIP ready for CPA review in one command.

PCI-DSS Assessment

E-commerce • AWS + GCP

Flagged SSH ports open to 0.0.0.0/0, unencrypted RDS instances, and missing CloudTrail logging -- findings that would have caused an immediate QSA failure.

Frequently Asked Questions

What compliance frameworks does AuditKit support?

AuditKit supports SOC2, PCI-DSS v4.0, CMMC (Level 1 + Level 2), HIPAA, NIST 800-53, CIS Benchmarks (AWS, Azure, GCP), ISO 27001, and FedRAMP. Cross-framework mappings mean a single scan maps findings across all applicable frameworks simultaneously.

Do I still need an auditor?

Yes. AuditKit replaces consultants, not auditors. You still need your CPA for SOC2, QSA for PCI-DSS, or C3PAO for CMMC. AuditKit ensures you arrive at that assessment already knowing every gap is fixed and your evidence is organized -- so you pass on the first attempt instead of paying for a failed audit.

How is this different from hiring consultants?

Consultants charge $15-30K just to run scans and tell you what's wrong, then another $20-40K for remediation guidance. AuditKit runs the same scans for $297/month and gives you specific fix-it commands for every finding. You may still want consultants for complex architecture decisions, but you won't pay them $50K+ to run automated scans.

What's the difference between the CLI and Desktop GUI?

Both are included in your subscription. The CLI scanner is a terminal-based tool for engineers -- great for automation, CI/CD integration, and scripting. The Desktop GUI is a local web dashboard that provides the same scanning capabilities with visual compliance scores, findings explorer, scan history, and evidence management. Use whichever fits your workflow, or both.

Does this work for CMMC Level 2?

Yes. AuditKit scans all 110 CMMC Level 2 practices across AWS, Azure, GCP, and Microsoft 365. It generates C3PAO-ready evidence packages and specific remediation commands for every gap. The Community Edition covers CMMC Level 1 (17 practices) for free.

Can I re-scan after fixing issues?

Yes, unlimited re-scanning is included. Fix issues, re-scan immediately, and track compliance progress over time. No per-scan fees, no usage limits. Most customers scan daily during their prep period.

How does the 14-day trial work?

Click "Start 14-Day Free Trial" to begin. You'll receive GitHub access to the private AuditKit repository within 24 hours. Full access to all features including the Desktop GUI. Cancel anytime during trial -- no questions asked.

Do all features work in air-gapped environments?

Yes, all features work offline including the Desktop GUI, daemon, evidence package generator, and drift detection. No cloud account, no SaaS dashboard, no telemetry. The tool runs wherever you have credentials.

What if I'm already working with consultants?

Use AuditKit to validate their work. Run scans after they make changes to verify gaps are actually fixed. Many customers use this to reduce consultant hours by 50%+ since you're not paying them to manually check configurations.

Know Exactly Where You Stand in 30 Minutes

350+ automated checks. 9 compliance frameworks. Specific remediation for every finding. Evidence packages your auditor expects. CLI + Desktop GUI included.

Start 14-Day Free Trial

14-day free trial • $297/month after trial • Cancel anytime • No setup fees