8+ Compliance Frameworks
3 Scan Engines
0 Cloud Required

Everything the compliance workflow demands

From automated scanning to structured evidence collection, ForgeGRC handles the technical depth that generic GRC tools miss.

Automated Compliance Scanning
Integrated OpenSCAP, Anchore, and CISA KEV scanning with findings automatically mapped to NIST 800-53 control families.
Evidence Collection
Structured artifact gathering for audits and ATOs. Evidence linked to controls, organized by framework, and export-ready for auditors.
Multi-Framework Mapping
Single-pane control mapping across SOC 2, CMMC v2, ISO 27001, PCI DSS 4.0.1, NIST CSF 2.0, FedRAMP, and FIPS 140-3.
Policy Generator
Compliance-aligned policy and procedure templates with version control, review tracking, and framework citation built in.
Audit Dashboard
Real-time control status, gap analysis, remediation tracking, and POA&M generation, all in a standalone, offline-capable HTML dashboard.
Air-Gap Compatible
Designed from the ground up for high-security and air-gapped environments. No cloud account, no external dependencies required.

Built for the frameworks that matter

ForgeGRC provides structured coverage across every major federal, commercial, and cryptographic compliance standard.

Federal
NIST SP 800-53 Rev 5
Security and Privacy Controls for federal information systems: full control family mapping
Federal
FedRAMP
Authorization to Operate workflows, POA&M generation, ConMon SLA tracking
DoD
CMMC v2
Cybersecurity Maturity Model Certification: Level 1, 2, and 3 practice implementation
Commercial
SOC 2 Type I/II
Trust Services Criteria evidence collection, control mapping, and audit-ready documentation
International
ISO/IEC 27001:2022
Information Security Management System controls, Annex A mapping, and ISMS documentation
Financial
PCI DSS 4.0.1
Payment card industry requirements, SAQ documentation, and control validation workflows
Framework
NIST CSF 2.0
Govern, Identify, Protect, Detect, Respond, Recover function mapping and maturity tracking

Download ForgeGRC

Each release is a self-contained package with everything needed to deploy, configure, and run compliance workflows immediately.

ForgeGRC: Latest Release
ZIP Archive · MIT License · github.com/IAwiz87/ForgeGRC
  • Platform source code & modules
  • Compliance module documentation
  • Policy & procedure templates
  • Framework mapping reference sheets
  • Installation & configuration guide
# Clone and get started
git clone https://github.com/IAwiz87/ForgeGRC.git
cd ForgeGRC

# Or download the latest release ZIP directly
# → https://github.com/IAwiz87/ForgeGRC/releases/latest

Why ForgeGRC exists

Most GRC platforms are built for checkbox compliance: they help organizations answer auditor questions but don't help engineers actually implement or understand control-to-finding traceability at a technical level.

ForgeGRC was built from the inside out: starting with GRC frameworks that federal and regulated organizations must satisfy simultaneously.

The result is a platform that treats compliance as a technical discipline, not a documentation exercise.

Andrew P. Largent
Security Engineer · GRC & Cryptographic Compliance
SOC 2 · CMMC v2 · FedRAMP · ISO 27001 · OpenSCAP · OpenSSL · NIST 800-53