CMMC Level 1 & 2
The Department of War's certification program, now under reform review — our founding specialty. Gap assessment to assessment-day readiness, run by the team that trains the assessors.
Explore CMMC Level 1 & 2Compliance coverage
Every framework below runs on the same backbone: the Cyber Tackle Box™ platform, cross-framework control mapping so evidence does double duty, and practitioners who work by, with, and through your team. Pick yours — or book a call and we'll tell you which one your contract actually requires.
Choose your mission
The Department of War's certification program, now under reform review — our founding specialty. Gap assessment to assessment-day readiness, run by the team that trains the assessors.
Explore CMMC Level 1 & 2The 110 requirements behind every DFARS clause — and the SPRS score primes check. Self-attestation is now a False Claims Act matter; get a number you can defend.
Explore NIST SP 800-171The report your enterprise deals are waiting on. Type I and Type II readiness without losing your engineering quarter.
Explore SOC 2The OCR-defensible risk analysis, policies, and workforce training — for clinics, health tech, and the MSPs that serve them.
Explore HIPAAThe pass/fail gate on EU, UK, and APAC tenders. ISMS build, internal audit, and the three-year cycle — including lapsed-certificate rescue.
Explore ISO 27001:2022The gate to a $19.6B federal cloud market, mid-reinvention: Key Security Indicators, machine-readable evidence, and 2027 deadlines already on the calendar.
Explore FedRAMPOne verification for the $155B+ SLED market. Arizona and Nevada now mandate it — and it doubles as a FedRAMP Class A on-ramp.
Explore GovRAMPThe framework your board and your insurer both speak. Profiles, tiers, and insurance-questionnaire-ready evidence.
Explore NIST CSF 2.0Govern, Map, Measure, Manage. Now a statutory legal defense in Texas and the entry fee to federal AI procurement.
Explore NIST AI RMFThe NSF-aligned framework for research cyberinfrastructure — 4 pillars, 16 Musts, delivered for a half-FTE security reality.
Explore Trusted CIOur right-sized baseline: 30 prioritized CIS-based safeguards that satisfy carriers, support safe-harbor defenses, and actually get done.
Explore Sturdy 30Also in the platform: NIST 800-53, NIST 800-172, NIST CSF, HITRUST, CIS Controls v8, FTC Safeguards Rule (Part 314), cyber-insurance readiness, and IoT cloud provider questionnaires. Ask us about yours.
Why one platform
Most companies don't have a framework problem — they have a framework sprawl problem. The customer wants SOC 2, the contract wants 800-171, the insurer wants CIS, the board wants CSF. The Cyber Tackle Box maps one control implementation across all of them, so every new framework starts most of the way done.
The Lionfish difference
Get in touch
A contract clause, a customer questionnaire, an insurance renewal, a letter from a regulator — whatever started this, we'll tell you exactly which framework answers it and what it takes.
Prefer to skip the form? Book a time directly or call 1-877-732-6772.