Forseti is a unified compliance authorization platform that combines automated scanning, AI-powered document generation, and tri-party assessment workflows across FedRAMP, DoD, and CMMC frameworks. Powered by the Tyr Engine for enforcement and the Mimir Intelligence Engine for automation.
Assessor operations hub — assigned systems queue, action alerts, and cross-org assessment management.
Your organization's compliance workspace. Submit evidence, track remediation, and manage your authorization package.
Executive review portal — receive a secure access link from your CSP to review system posture and authorize ATO decisions.
In Norse mythology, the gods faced an existential threat: Fenrir, the chaos-wolf, growing stronger every day, destined to devour everything they'd built. No chain could hold it. No force could contain it.
Three figures changed the outcome.
Tyr, the god of law, volunteered to bind Fenrir — placing his own hand in the wolf's mouth as a pledge of good faith, knowing he would lose it. He bound the chaos not with brute force, but with an unbreakable framework.
Mimir, the wisest being in all the realms, possessed knowledge so valuable that Odin sacrificed his own eye for a single drink from Mimir's well. His wisdom was the counsel no ruler could afford to be without.
Forseti, son of light, presided over Glitnir — the hall of justice with pillars of gold and a roof of silver. Those who entered with disputes left reconciled. No grievance went unresolved.
Structure, governance, and enforcement — the framework that binds compliance chaos
Seven-state FedRAMP-compliant control dispositions: Satisfied, Partially Satisfied, Other Than Satisfied, Inherited, Partially Inherited, Not Applicable, and Pending. Full NIST 800-53 Rev 5 across 10 frameworks.
Consolidated view of all OTS/partially-satisfied controls and scan vulnerabilities. Filter by severity, search across findings, and track remediation from a single pane of glass.
Generate print-ready Security Assessment Reports matching the official FedRAMP SAR Template v4.0 — complete with all sections, appendices (A–F), RET, and SRTM data.
Track Plan of Action & Milestones with severity, status, remediation plans, and due dates. Auto-generated from OTS and partially-satisfied controls with configurable severity mapping.
Maintain a full asset inventory within the authorization boundary. Cross-reference against scan data for automated coverage analysis — identify unscanned components instantly.
Evaluate external services entering the authorization boundary with a 20-item SCR checklist mapped to SR/SA controls. Track internal significant changes with auto-scoped SIA workflows and 3PAO concurrence.
Create isolated assessment projects with lifecycle onboarding — Initial → Continuous Monitoring → Annual. Carry forward control states, open POA&Ms, and system inventory between phases.
FedRAMP-aligned rotating 1/3 control selection for annual assessments. Always-tested controls assessed every year; remaining controls rotate across three cycles.
Full FedRAMP deviation request workflow: FP, OR, VD, and RA. Three-stage approval chain: CSP submits → 3PAO concurs → AO approves. Annual expiry with auto-renewal tracking.
Super-administrator access across all customer organizations. Separate 3PAO IAM from customer org access. Cross-org control write-ups, state changes, and platform-level user/role management.
Automated Customer Responsibility Matrix (CRM) integration for AWS, Azure, GCP, and Oracle. Controls auto-set to Inherited with pre-filled evidence pointing to the CSP's FedRAMP authorization.
Complete tri-party authorization workflow with role-based access control. CSP submits evidence, remediation, and generates secure AO access links. 3PAO Assessor validates controls, verifies POA&M closures, and concurs on deviation requests. Authorizing Official receives a token-authenticated portal with executive summary, reviews posture, and authorizes ATO with ECDSA P-256 digital non-repudiation signatures.
AI-powered automation and intelligence — the wisdom that outsmarts compliance risk
Automated compliance scanner with 135 rules across Linux, Windows, AWS, Azure, GCP, and Kubernetes. Feeds Satisfied/OTS results directly into dashboard controls with auto-attached evidence.
Import vulnerability scan results from Nessus (.csv), Qualys (.csv/.xml), and generic CSV formats. Auto-maps findings to controls with severity classification and host tracking.
Upload IaC templates, config files, and policy documents. Strong evidence auto-sets controls to Satisfied with attached evidence snippets. Supports Terraform, CloudFormation, Ansible, PDFs, and 15+ formats.
AI-powered FedRAMP SSP (High/Moderate) and 18 P&P document generation from IaC evidence and project metadata. AWS Bedrock integration. OSCAL-first output with DOCX exports — full authorization package in minutes.
Auto-derive compliance posture for ISO 27001, SOC 2, HIPAA, PCI DSS, and CIS Controls v8 from your existing NIST 800-53 assessments. 292 requirements crosswalk-mapped.
Automated NIST 800-53A assessment procedures — Examine, Interview, and Test steps with pass/fail tracking. Auto-generated from control metadata for all 588+ controls. Exports to FedRAMP SRTM and OSCAL.
Guided wizard generates FedRAMP authorization boundary diagrams from pre-built architecture templates. 44 components across 7 categories. Export to SVG and PNG.
Import and export NIST OSCAL Assessment Results (JSON). Machine-readable findings align with the FedRAMP 20x automation-first mandate for continuous monitoring.
See Forseti in action — interactive demonstrations of every feature