ForgeGRC — GRC Compliance Platform

Platform Capabilities

Everything the compliance workflow demands

From automated scanning to structured evidence collection — ForgeGRC handles the technical depth that generic GRC tools miss.

🔍

Automated Compliance Scanning

Integrated OpenSCAP, Anchore, and CISA KEV scanning with findings automatically mapped to NIST 800-53 control families.

📋

Evidence Collection

Structured artifact gathering for audits and ATOs. Evidence linked to controls, organized by framework, and export-ready for auditors.

🗺️

Multi-Framework Mapping

Single-pane control mapping across SOC 2, CMMC v2, ISO 27001, PCI DSS 4.0.1, NIST CSF 2.0, FedRAMP, and FIPS 140-3.

📝

Policy Generator

Compliance-aligned policy and procedure templates with version control, review tracking, and framework citation built in.

📊

Audit Dashboard

Real-time control status, gap analysis, remediation tracking, and POA&M generation — all in a standalone, offline-capable HTML dashboard.

🛡️

Air-Gap Compatible

Designed from the ground up for high-security and air-gapped environments. No cloud account, no external dependencies required.

Standards Coverage

Built for the frameworks that matter

ForgeGRC provides structured coverage across every major federal, commercial, and cryptographic compliance standard.

Federal

NIST SP 800-53 Rev 5

Security and Privacy Controls for federal information systems — full control family mapping

Federal

FedRAMP

Authorization to Operate workflows, POA&M generation, ConMon SLA tracking

DoD

CMMC v2

Cybersecurity Maturity Model Certification — Level 1, 2, and 3 practice implementation

Commercial

SOC 2 Type I/II

Trust Services Criteria evidence collection, control mapping, and audit-ready documentation

International

ISO/IEC 27001:2022

Information Security Management System controls, Annex A mapping, and ISMS documentation

Financial

PCI DSS 4.0.1

Payment card industry requirements, SAQ documentation, and control validation workflows

Framework

NIST CSF 2.0

Govern, Identify, Protect, Detect, Respond, Recover function mapping and maturity tracking

Distribution

Download ForgeGRC

Each release is a self-contained package with everything needed to deploy, configure, and run compliance workflows immediately.

ForgeGRC — Latest Release

📦 ZIP Archive · MIT License · github.com/IAwiz87/ForgeGRC

Platform source code & modules
Compliance module documentation
Policy & procedure templates
Framework mapping reference sheets
Installation & configuration guide

Download ZIP View all releases & changelog →

      # Clone and get started

      git clone https://github.com/IAwiz87/ForgeGRC.git

      cd ForgeGRC

      # Or download the latest release ZIP directly

      # → https://github.com/IAwiz87/ForgeGRC/releases/latest

Background

Why ForgeGRC exists

Most GRC platforms are built for checkbox compliance — they help organizations answer auditor questions but don't help engineers actually implement understand control-to-finding traceability at a technical level.

ForgeGRC was built from the inside out: starting with GRC frameworks that federal and regulated organizations must satisfy simultaneously.

The result is a platform that treats compliance as a technical discipline, not a documentation exercise.

Andrew P. Largent

Security Engineer · GRC & Cryptographic Compliance

SOC 2 CMMC v2 FedRAMP ISO 27001 OpenSCAP OpenSSL NIST 800-53

github.com/IAwiz87 CyberForge — Open-Source Tools