The CSF you’ll actually finish.
A NIST CSF 2.0 assessment platform built for consultancies and internal security teams who are tired of spreadsheets. Score, gap, and report — in days, not quarters.
Less spreadsheet. More signal.
Manual assessments.
- 2–4 weeks per engagement
- $20K–$50K in consultant fees per assessment
- Policy docs shuttled over email and cloud drives
- Evidence tracked in 60-tab spreadsheets
- Generic questionnaires that miss nuance
Automated + traceable.
- Under 10 minutes per assessment
- From $149/mo — no per-assessment fees
- Data never leaves your network (self-hosted Docker)
- Citation-level evidence linked to source sentences
- AI scans your actual policy docs — not a checklist
Three steps. No theatre.
Upload your documents.
Drop your security policies, procedures, and documentation — PDFs and Word docs supported. Stays on your network.
AI scans against CSF 2.0.
NISTForge analyzes every doc against all 106 subcategories. Evidence mapped to source sentences — not generic checkboxes.
Review, validate, report.
Human-in-the-loop validation. Generate white-label PDFs — executive summary, technical findings, or gap analysis.
Built for two rooms.
CISOs & GRC.
For internal security teams who own their own NIST posture — and want self-serve speed without a consultant on retainer.
- Run your own CSF 2.0 gap analysis
- Self-serve from day one — no consultant required
- Full data sovereignty on your infrastructure
- Track maturity scores over time
- Citation-level audit evidence
Consultancies & MSSPs.
For practices delivering NIST work to multiple clients — and tired of starting from scratch every engagement.
- 10x faster delivery from your own lab
- White-label branded PDF reports (3 formats)
- Unlimited client assessments, zero per-client fees
- Human-in-the-loop validation workflow
- Multi-tenant client workspace
Founder pricing. Locked in.
Join the waitlist to lock in launch pricing. Once we go live, prices reset higher — waitlist holders keep the founder rate forever.
Solo.
For internal security teams.
- 1 organization
- Unlimited assessments
- All 3 report types
- 3 users
Practice.
For consultancies & MSSPs.
- Unlimited client workspaces
- White-label reports
- 10 users
- Priority support
Enterprise.
For organizations at scale.
- Air-gapped deployment
- SSO + RBAC
- Unlimited users
- Dedicated support engineer
Asked & answered.
When does NISTForge launch?
Public beta in Summer 2026. Waitlist members get early access starting late Q2, with founder pricing locked in for life.
Where does my data live?
On your infrastructure. NISTForge ships as a Docker container with local AI inference via Ollama. No API keys, no cloud calls, no data egress.
Do I need an AI background?
No. NISTForge is operated by security practitioners, not data scientists. One Docker command and you’re running.
What about SOC 2 / ISO 27001?
NISTForge focuses on NIST CSF 2.0. SOC 2 and ISO 27001 are handled by our sibling product, SOCLedger — also launching in 2026.
Can I white-label it?
Yes — included in the Practice tier. Add your logo, colors, and footer to all 3 report formats.
How do I get on the waitlist?
Scroll to the bottom — leave your email. We’ll reach out personally before public launch, and you keep founder pricing forever.
Get in early.
Waitlist members get early access, founder pricing locked in for life, and a personal onboarding session with our team.