TRA Consulting, Inc.

Free Compliance
Assessment
Tools

Professional-grade readiness tools for every major cybersecurity and privacy framework. No signup, no server, no cost β€” all data stays in your browser.

9
Frameworks
NIST, CMMC, SOC 2, CIS, ISO 27001, CSF, HIPAA, PCI DSS, LFPDPPP
100%
Free
No account required. No data leaves your browser. Export JSON anytime.
AI
Powered
Claude AI integration for expert gap analysis and remediation roadmaps.
Compliance Tools
9 Frameworks + Document Generator
πŸ“„
NEW Β· Document Generator
NIST 800-171 Document Generator
Fill in your client profile once β€” instantly generate 9 professional compliance documents: SSP, POA&M, WISP, Incident Response Plan, Annual Review Checklist, Acceptable Use Policy, CUI Handling Policy, Vendor Risk Assessment, and 5 Role-Based Attestations. Integrates with the NIST 800-171 Assessment Tool to auto-populate control statuses. Download as PDF or Word.
SSP Β· POA&M Β· WISP Β· IRP Β· Attestations Β· AUP Β· CUI Policy Β· Vendor RA Β· Annual Checklist
β†’
πŸ”
DoD / CUI
NIST SP 800-171
Rev 2 (110 controls, SPRS score) and Rev 3 (97 controls, ODP fields). The foundation for CMMC Level 2 and all DFARS contracts.
Rev 2 Β· Rev 3 Β· SPRS Score Β· AI Report
β†’
πŸ›‘οΈ
DoD / FCI
CMMC 2.0 Level 1
17 practices across 6 domains. Required for any DoD prime or subcontract handling Federal Contract Information. Annual self-assessment.
17 Practices Β· 6 Domains Β· SPRS Ready
β†’
πŸ“‹
AICPA / SaaS
SOC 2 Readiness
All 5 Trust Service Criteria β€” Security, Availability, Processing Integrity, Confidentiality, Privacy. Type I and Type II assessment modes.
5 TSCs Β· Type I & II Β· AI Report
β†’
πŸ”
Universal
CIS Controls v8
18 controls, 154 safeguards across IG1, IG2, and IG3. The most practical cyber hygiene framework β€” maps to NIST, ISO, SOC 2, and CMMC.
154 Safeguards Β· IG1 / IG2 / IG3
β†’
🌐
ISO / Global
ISO 27001:2022
Full ISMS β€” Clauses 4–10 mandatory requirements plus all 93 Annex A controls across 4 themes. Includes SoA documentation support.
Clauses 4–10 Β· 93 Controls Β· SoA
β†’
πŸ“Š
Universal
NIST CSF 2.0
All 6 functions β€” Govern, Identify, Protect, Detect, Respond, Recover. The universal meta-framework mapping to every other standard.
6 Functions Β· 106 Subcategories
β†’
πŸ₯
Healthcare
HIPAA Compliance
Security Rule, Privacy Rule, and Breach Notification Rule. Covers both Covered Entities and Business Associates with R/A specification tagging.
Security Β· Privacy Β· Breach Β· BA
β†’
πŸ’³
Payments
PCI DSS v4.0
All 12 requirements with SAQ A / B / D applicability tagging. Covers merchants and service providers. Mandatory since March 2024.
12 Requirements Β· SAQ A/B/D Β· v4.0
β†’
πŸ‡²πŸ‡½
MΓ©xico / INAI
LFPDPPP
Ley Federal de ProtecciΓ³n de Datos Personales. Responsable y Encargado. Interfaz completamente bilingΓΌe β€” EspaΓ±ol / English.
Responsable Β· Encargado Β· πŸ‡²πŸ‡½ ES / πŸ‡ΊπŸ‡Έ EN
β†’
🎯
Nessus / Vuln
Vulnerability Remediation Tracker
Import Nessus scans (CSV or XML), track remediation by host and phase, Claude AI advisor scoped to client data. Multi-client with session PIN lock.
Multi-client Β· AI Chat Β· Phase Tracking Β· XLSX Import
β†’
What Every Tool Includes
πŸ€–
AI Analysis
Claude-powered gap analysis and prioritized remediation roadmaps. Objective and Expert Opinion modes.
πŸ“„
PDF Reports
Formatted multi-page reports with cover page, gap tables, evidence columns, score history, and sign-off.
πŸ‘₯
Multi-Client
Separate profiles per organization. Each with its own data, score history, and settings. Export/import JSON.
πŸ”’
100% Private
All data stored in your browser only. Nothing sent to any server. Works fully offline after first load.
Framework Coverage Matrix
βœ“ Covered  β— Partial  β€” N/A
Topic Area
NIST 171
CMMC L1
SOC 2
CIS v8
ISO 27001
CSF 2.0
HIPAA
PCI DSS
LFPDPPP
Need Expert Guidance?

TRA Consulting Can Help

These tools identify your gaps. Our team helps you close them β€” with assessment services, policy development, remediation support, and audit preparation.

Get in Touch β†’
⚠ All tools are for internal gap analysis only β€” not a substitute for formal certification, audit, or legal advice. Data stays in your browser. TRA Consulting is not responsible for compliance decisions made based on these tools.