CMMC NOW IN EFFECT: DoW contracts now require CMMC compliance · Identify all 110 gaps in 30 minutes →

One scanner. 10+ frameworks.
Four cloud providers.

Stop paying $50K per framework. AuditKit scans your cloud infrastructure for SOC2, PCI-DSS, CMMC, HIPAA, CIS Benchmarks, NIST 800-53, and more -- then tells you exactly what to fix and what evidence auditors need.

SOC2 PCI-DSS CMMC HIPAA CIS Benchmarks NIST 800-53 ISO 27001 FedRAMP GDPR

The Problem

Compliance is Expensive

Consultants charge $50K+ per framework. SOC2, PCI, HIPAA, CMMC? That's $200K just to understand what you're missing.

Tools Don't Tell You What to Fix

Cloud security scanners find issues but don't explain how to fix them or what evidence auditors need.

Manual Evidence Collection Is Tedious

Spending weeks taking screenshots and compiling evidence packages for auditors is repetitive work that drains engineering time.

The Solution

$ auditkit scan -provider aws -framework soc2 -verbose
# Scanning 64 SOC2 controls across AWS...

✗ FAIL | CC6.6 | MFA Not Enforced
  Evidence: 3 IAM users without MFA: admin-user, deploy-bot, john.doe
  Remediation: aws iam enable-mfa-device --user-name admin-user
  Screenshot: IAM → Users → Security credentials → Show MFA enabled
  Console URL: https://console.aws.amazon.com/iam/home#/users

✓ PASS | CC6.1 | CloudTrail Logging Enabled
  Evidence: CloudTrail enabled in all regions, logs encrypted
  Frameworks: SOC2 (CC6.1), PCI-DSS (10.2.2), CMMC (AU.L2-3.3.1)

# Scan complete: 58/64 passing (91%)
# PDF report: compliance-report.pdf
# Evidence tracker: evidence-tracker.html

Multi-Cloud Coverage

One tool. Four cloud providers. Stop juggling separate scanners.

  • 4 cloud providers
  • 350+ total checks
  • 10+ frameworks
  • $0 free version cost

  • AWS (90+ checks): IAM, S3, EC2, CloudTrail, KMS, RDS, VPC, SageMaker, Redshift, ElastiCache, OpenSearch
  • Azure (64+ checks): Entra ID, Storage, NSGs, SQL, Key Vault
  • GCP (170+ checks): Cloud Storage, IAM, Compute, SQL, KMS, Logging
  • Microsoft 365 (29+ checks): Entra ID via ScubaGear integration

Free vs Pro

Free Version

  • SOC2 complete (64 controls)
  • PCI-DSS v4.0 (30+ controls)
  • CMMC Level 1 (17 practices)
  • HIPAA Security Rule (215 mappings)
  • CIS Benchmarks (AWS, Azure, GCP)
  • AWS (90+ checks), Azure, GCP, M365
  • Offline mode with scan caching
  • PDF/HTML/JSON/CSV reports
  • Evidence collection guides
  • NIST 800-53, FedRAMP, GDPR, ISO 27001 mappings

Pro Version ($297/mo)

  • CMMC Level 2 (110 practices)
  • Custom controls - define your own checks
  • GCP Advanced (GKE + Vertex AI)
  • Multi-account scanning
  • Evidence package generator
  • Exception & waiver management
  • Air-gapped/offline scanning (SCIF-ready)
  • Continuous monitoring daemon
  • Drift detection
  • Desktop GUI
  • Priority support

Installation

# Quick install (Go required)
go install github.com/guardian-nexus/auditkit/scanner/cmd/auditkit@latest

# Or build from source
git clone https://github.com/guardian-nexus/auditkit.git
cd auditkit/scanner && go build ./cmd/auditkit

# Run your first scan
./auditkit scan -framework soc2 -format pdf -output report.pdf

# Multi-framework scan
./auditkit scan -framework all -format pdf

# Azure scan
az login
export AZURE_SUBSCRIPTION_ID="your-subscription-id"
./auditkit scan -provider azure -framework soc2

# GCP scan
gcloud auth application-default login
export GOOGLE_CLOUD_PROJECT="your-project-id"
./auditkit scan -provider gcp -framework soc2

See It In Action

Real scan outputs and reports from actual environments

What a PASS Looks Like

Controls that meet compliance requirements show specific evidence of what's configured correctly.

✓ PASS | CC6.6 - Authentication Controls
  Root account has MFA enabled
  → Meets SOC2 CC6.6, PCI DSS 8.3.1, HIPAA 164.312(a)(2)(i)

✓ PASS | CC6.3 - Encryption at Rest
  All 15 S3 buckets have encryption enabled
  → Meets SOC2 CC6.3, PCI DSS 3.4, HIPAA 164.312(a)(2)(iv)

What a FAIL Looks Like

Failed controls show exactly what's wrong, how to fix it, and what evidence you'll need for auditors.

✗ FAIL | CC6.1 - Access Controls
  Issue: SSH open to 0.0.0.0/0
  Security Group: sg-0ab56571076bcff37 (port 22)
  → Violates PCI DSS 1.2.1
  Fix: aws ec2 revoke-security-group-ingress \
         --group-id sg-0ab56571076bcff37 \
         --protocol tcp --port 22 \
         --cidr 0.0.0.0/0
  Evidence needed:
    1. Go to EC2 → Security Groups
    2. Screenshot 'Inbound rules' tab
    3. Show NO rules with 0.0.0.0/0 for port 22
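To show the kind of read-only check that produces a finding like the one above, here is an added Go example (not AuditKit's own code). It parses a constructed JSON document in the shape of `aws ec2 describe-security-groups` output (the group ids are made up), flags every ingress rule that exposes tcp/22 to 0.0.0.0/0, including an all-traffic rule, and attaches the control, crosswalk and revoke command in the FAIL layout the report uses; the `OpenSSHFindings` and `Finding` names are this example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in the shape of `aws ec2 describe-security-groups` output (made-up group ids).
const sampleSGs = `{"SecurityGroups":[
 {"GroupId":"sg-0aaaaaaaaaaaaaaa1","IpPermissions":[
  {"IpProtocol":"tcp","FromPort":22,"ToPort":22,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]},
 {"GroupId":"sg-0bbbbbbbbbbbbbbb2","IpPermissions":[
  {"IpProtocol":"tcp","FromPort":22,"ToPort":22,"IpRanges":[{"CidrIp":"10.0.0.0/8"}]},
  {"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]}]}`
type permission struct {
	IpProtocol       string
	FromPort, ToPort int // absent (zero) for the all-traffic protocol "-1"
	IpRanges         []struct{ CidrIp string }
}
// Finding is one failed control in the FAIL layout shown above.
type Finding struct{ GroupId, Control, Violates, Fix string }
// OpenSSHFindings flags every group whose ingress lets 0.0.0.0/0 reach tcp/22, explicitly or via an all-traffic ("-1") rule.
func OpenSSHFindings(raw []byte) ([]Finding, error) {
	var doc struct{ SecurityGroups []struct{ GroupId string; IpPermissions []permission } }
	if err := json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	var out []Finding
	for _, sg := range doc.SecurityGroups {
		for _, p := range sg.IpPermissions {
			covers22 := p.IpProtocol == "-1" || (p.IpProtocol == "tcp" && p.FromPort <= 22 && p.ToPort >= 22)
			for _, r := range p.IpRanges {
				if !covers22 || r.CidrIp != "0.0.0.0/0" {
					continue
				}
				fix := "aws ec2 revoke-security-group-ingress --group-id " + sg.GroupId + " --protocol tcp --port 22 --cidr 0.0.0.0/0"
				if p.IpProtocol == "-1" { // a tcp/22 revoke would not match an all-traffic rule
					fix = "revoke the all-traffic (IpProtocol -1) rule for 0.0.0.0/0 on " + sg.GroupId
				}
				out = append(out, Finding{sg.GroupId, "CC6.1", "PCI DSS 1.2.1", fix})
			}
		}
	}
	return out, nil
}

func main() {
	findings, _ := OpenSSHFindings([]byte(sampleSGs))
	for _, f := range findings { fmt.Printf("✗ FAIL | %s | %s\n  → Violates %s\n  Fix: %s\n", f.Control, f.GroupId, f.Violates, f.Fix) }
}
```

Running it reports the first group's explicit tcp/22 rule and the second group's all-traffic rule, while the 10.0.0.0/8 rule passes.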

Interactive HTML Reports

Generate professional compliance reports with scores, failed controls, remediation steps, and direct console links.

HTML Report Score Dashboard

View examples: SOC2, CMMC

Want to see more examples?

Browse terminal scan outputs, PDF reports, console screenshots, and more evidence samples.


Who Should Use This

Built For

  • Defense contractors needing CMMC compliance
  • Startups facing SOC2 + PCI + HIPAA simultaneously
  • Companies quoted $50K+ per framework
  • Engineers who prefer fixing things themselves
  • Multi-cloud organizations
  • Teams tired of running 5 different scanners

Not the Right Fit If

  • You need fully managed compliance services
  • You're looking for an automated certification solution
  • You need vendor certifications or attestations
  • You need guided implementation support

Frequently Asked Questions

Does this replace my auditor?

No. AuditKit automates technical control scanning, but you still need a CPA for SOC2 ($15-30K), a C3PAO for CMMC ($25-150K), or a QSA for PCI-DSS ($15-50K). AuditKit replaces the $30-100K technical consultant, not the certified assessor.

Does AuditKit modify my infrastructure?

No. AuditKit is read-only. It checks configuration and generates reports. It never modifies your infrastructure. The auditkit fix command generates a script for you to review and run manually.

What permissions does it need?

Read-only access only. AWS: ReadOnlyAccess policy. Azure: Reader role. GCP: roles/viewer. No write permissions required.

What's the difference between Free and Pro?

Free covers SOC2, PCI-DSS, CMMC Level 1, HIPAA, CIS Benchmarks, NIST 800-53, and 4 more frameworks via crosswalk mappings -- with single-account scanning. Pro adds CMMC Level 2 (110 practices), multi-account scanning, evidence packages, exception management, continuous monitoring, drift detection, air-gapped mode, and a Desktop GUI.

How is this different from Prowler or Scout Suite?

Prowler and Scout Suite are security scanners -- they find vulnerabilities. AuditKit is a compliance scanner -- it maps checks to SOC2, PCI-DSS, CMMC, and other frameworks, includes evidence collection guides, and generates auditor-ready reports. Use both: Prowler for security, AuditKit for compliance.

Need CMMC Level 2?

DoW contractors handling CUI must comply. Identify all 110 gaps in 30 minutes vs 30 days.

  • 110 CMMC Level 2 practices
  • 30 min to identify all gaps
  • $297 per month
  • $50K+ savings vs consultants
Start 14-Day Free Trial

$297/month • Know what to fix before paying a C3PAO • Cancel anytime