Not sure which framework your contract or customer actually requires? That's the first thing we untangle — free. Book a call

Compliance coverage

Whatever audit is keeping you up at night —
we cover it.

Every framework below runs on the same backbone: the Cyber Tackle Box™ platform, cross-framework control mapping so evidence does double duty, and practitioners who work by, with, and through your team. Pick yours — or book a call and we'll tell you which one your contract actually requires.

Choose your mission

Eleven frameworks. One system of record.

Defense Contractors

CMMC Level 1 & 2

The Department of War's certification program, now under reform review — our founding specialty. Gap assessment to assessment-day readiness, run by the team that trains the assessors.

Explore CMMC Level 1 & 2
Defense Contractors

NIST SP 800-171

The 110 requirements behind every DFARS clause — and the SPRS score primes check. Self-attestation is now a False Claims Act matter; get a number you can defend.

Explore NIST SP 800-171
B2B SaaS & Services

SOC 2

The report your enterprise deals are waiting on. Type I and Type II readiness without losing your engineering quarter.

Explore SOC 2
Healthcare & Business Associates

HIPAA

The OCR-defensible risk analysis, policies, and workforce training — for clinics, health tech, and the MSPs that serve them.

Explore HIPAA
International Sellers

ISO 27001:2022

The pass/fail gate on EU, UK, and APAC tenders. ISMS build, internal audit, and the three-year cycle — including lapsed-certificate rescue.

Explore ISO 27001:2022
Cloud Providers → Federal

FedRAMP (Rev 5 + 20x KSIs)

The gate to a $19.6B federal cloud market, mid-reinvention: Key Security Indicators, machine-readable evidence, and 2027 deadlines already on the calendar.

Explore FedRAMP
SaaS → State & Local Gov

GovRAMP

One verification for the $155B+ SLED market. Arizona and Nevada now mandate it — and it doubles as a FedRAMP Class A on-ramp.

Explore GovRAMP
Mid-Market & Boards

NIST CSF 2.0

The framework your board and your insurer both speak. Profiles, tiers, and insurance-questionnaire-ready evidence.

Explore NIST CSF 2.0
Companies Deploying AI

NIST AI RMF

Govern, Map, Measure, Manage. Now a statutory legal defense in Texas and the entry fee to federal AI procurement.

Explore NIST AI RMF
Research & Universities

Trusted CI

The NSF-aligned framework for research cyberinfrastructure — 4 pillars, 16 Musts, delivered for a half-FTE security reality.

Explore Trusted CI
Small Business & MSPs

Sturdy 30 (CIS-based)

Our right-sized baseline: 30 prioritized CIS-based safeguards that satisfy carriers, support safe-harbor defenses, and actually get done.

Explore Sturdy 30

Also in the platform: NIST 800-53, NIST 800-172, NIST CSF, HITRUST, CIS Controls v8, FTC Safeguards Rule (Part 314), cyber-insurance readiness, and IoT cloud provider questionnaires. Ask us about yours.

Why one platform

Evidence should do double duty

Most companies don't have a framework problem — they have a framework sprawl problem. The customer wants SOC 2, the contract wants 800-171, the insurer wants CIS, the board wants CSF. The Cyber Tackle Box maps one control implementation across all of them, so every new framework starts most of the way done.

The Lionfish difference

  • Practitioners included. Real advisors — the team that trains certified CMMC assessors — not a dashboard and a wish.
  • Training built in. Every framework demands workforce training; ours comes from a state-accredited school, tracked per person.
  • MSP multi-tenant. Run every client's program from one console — compliance as a service line, not a liability.
  • Veteran-owned. SDVOSB, founded by a Green Beret, 4 IEEE-published papers, Purdue CERIAS partner.

Get in touch

Tell us what's being asked of you

A contract clause, a customer questionnaire, an insurance renewal, a letter from a regulator — whatever started this, we'll tell you exactly which framework answers it and what it takes.

  • 1We reply within one business day — usually faster.
  • 2A 30-minute call with someone who can actually answer your questions.
  • 3A straight recommendation — even if it's that you don't need us yet.

Prefer to skip the form? Book a time directly or call 1-877-732-6772.

Book a Free Call