Key stored locally in your browser only. Never sent to TRA servers.
Client
Navigation
🏢Client Profile
📄Generate Documents
Policies
📋Acceptable Use PolicyAUP
🔒CUI Handling PolicyCUI
📘WISPWISP
🤖Generative AI PolicyGenAI
Plans
🚨Incident Response PlanIRP
🔄BCP / DRPBCP
Assessments
🤝Vendor Risk AssessmentVRA
Compliance Records
🛡️System Security PlanSSP
📊POA&MPOA
✅Annual Review ChecklistARC
🎖️CMMC Self-AssessmentSPRS
Attestations
✍️Attestations (5 roles)ATT
Step 1
Client Profile — Default
Fill in once per client — all documents pull from this profile. Fields marked ⚡ can be imported from the NIST 800-171 Tool if it's open in the same browser.
⚡ NIST tool data detected. Click Load from NIST Tool in the header to pre-fill this form.
🏢 Organization
👤 Contacts & Roles
🖥️ System Scope & CUI Description
✓ Saved
Step 2
Generate Documents
9 documents — grouped by type. Click any card to preview. Use PDF to print/save, or Word to download a .docx.
⚠️ Your client profile is incomplete. Fill in the profile first for best results — the documents will use placeholder text where information is missing.
📋
Acceptable Use Policy
IT resource usage rules for all employees, contractors, and third parties.
PolicyNIST 3.1, 3.2
✓ Ready to generate
🔒
CUI Handling Policy
How to identify, handle, store, transmit, and dispose of Controlled Unclassified Information.
PolicyNIST 3.8, 3.13
✓ Ready to generate
✍️
Control Responsibility Attestations
5 role-based attestation documents: Security Officer, IT Director, Systems Admin, IRM, MSP.
AttestationNIST Rev 2 All
✓ Ready to generate
🤝
Vendor Risk Assessment
Third-party security questionnaire with scoring, risk rating, and approval workflow.
AssessmentNIST 3.1.20
✓ Ready to generate
🛡️
System Security Plan (SSP)
Full system description, boundary, all 110 control statuses with notes. Auto-populated from NIST tool.
PolicyNIST 3.12.4⚡ NIST Data
✓ Ready to generate
📊
Plan of Action & Milestones (POA&M)
All Not Met and Partial controls with gap descriptions, owners, and target dates. Auto-populated from NIST tool.
TrackerNIST 3.12.2⚡ NIST Data
✓ Ready to generate
📘
Written Information Security Program (WISP)
Full Thomas Andersen format: §1 Intro, §2 Policies, §3 Technical + Appendices A–F (Attestation, Maintenance SOP, Chain of Custody, IRP, GenAI Policy, Signature Page).
PolicyCore Document
✓ Ready to generate
🤖
Generative AI Policy
Full Thomas Andersen format: Purpose, Scope, Definitions table, AI Advisory Board, GenAI Ownership, Proposals process, Data Management, Acceptable Use table, Transparency, Third-Party Risk, Compliance.
PolicyNew · 2026
✓ Ready to generate
🚨
Incident Response Plan (IRP)
IRT roles from contacts, lifecycle phases, DoD 72-hour notification, 5 incident playbooks, tabletop requirement.
PlanNIST 3.6.1-3
✓ Ready to generate
🔄
Business Continuity Plan / Disaster Recovery Plan
BIA with RTO/RPO table, Recovery Team contacts, 5 disaster scenarios with phased response, backup schedule, remote work procedures, communication plan, DR test log, and signature page.