Features

Comprehensive supply chain risk management platform with NIST SP 800-161 compliance, real-time SBOM vulnerability analysis, and evidence-based vendor risk assessment tools

Supply Chain Risk Assessment

Comprehensive NIST SP 800-161 aligned assessments with 24 questions across 6 domains:
• Supplier Risk Management
• Threat Management
• Vulnerability Management
• Information Sharing
• Incident Response
• Lifecycle Management
Real-time scoring, automated recommendations, and save/resume functionality.

SBOM Analysis

Real-time vulnerability analysis using OSV Database integration. Supported formats: CycloneDX (JSON/XML) and SPDX (JSON/XML/RDF). Features: Component-level risk assessment, license compliance detection, CVE severity mapping, and NTIA minimum element validation. Export analysis results in multiple formats for integration with your security workflows.

Vendor Risk Management

Comprehensive vendor inventory with risk profiles, contact information, and business context. Tracking capabilities: Risk scores, compliance status, and assessment history. Organization: Automated risk classification (Low/Medium/High/Critical) with visual indicators. Link vendors to assessments and SBOM analyses for complete risk visibility.

Vendor Risk Calculator

Interactive risk assessment tool evaluating 5 weighted factors:
• Data access level
• Business criticality
• Security controls
• Compliance status
• System exposure
Real-time risk score calculation (0-100 scale) with configurable weights. Automatic risk level classification and actionable recommendations.

Vendor Risk Radar

Privacy-focused risk visualization with interactive radar charts. Vendor categories: Cloud Storage, Payment Processor, SaaS Platform, and more, with category-specific risk templates. Privacy dimensions: Data sensitivity, access control, data residency, retention control, encryption standards, and compliance framework alignment. Maps to GDPR, CCPA, and HIPAA regulations for comprehensive privacy compliance.

Evidence Vault

Centralized document management linking evidence files to assessment responses. Document types: Upload and organize documents, attestations, certificates, and compliance proofs. Features: Version control and audit trail tracking for complete governance. Link evidence to specific assessment questions and compliance controls for defensible vendor risk management.

NIST Compliance Scoring

Automated compliance assessment with category-based scoring:
• Governance (25%)
• Supplier Management (25%)
• Product Security (20%)
• Incident Response (15%)
• Information Sharing (15%)
Compliance levels: Full (≥85%), Partial (60-84%), Non-compliant (<60%). Generate actionable improvement recommendations based on assessment results.

NIST Checklist Tool

Quick compliance assessment with 10 NIST C-SCRM controls across 5 categories:
• Governance
• Supplier Management
• Product Security
• Incident Response
• Information Sharing
Interactive checklist with progress tracking, compliance scoring, and exportable reports for gap analysis and remediation planning.

Reporting & Export

Generate executive-ready audit reports for NIST SP 800-161, CMMC 2.0, and other compliance frameworks. Export formats: PDF and JSON for assessment results, SBOM analysis, compliance scores, and vendor risk profiles. Report contents: Executive summaries, gap analysis, actionable recommendations, and evidence inventories. Perfect for regulatory submissions and procurement reviews.
