Capability · assessment

Multi-framework assessment engine

Walk every regulatory requirement, score gaps, and generate the remediation tasks your auditors will check off.

Assessment engine showing per-framework questionnaire with article-level questions, scoring, and gap remediation tasks

A compliance assessment is only useful if it cites the actual regulatory text and produces work you can do. Attestry generates a per-system questionnaire dynamically (Article 9 risk management, Annex IV documentation, Colorado deployer duties, NIST functions, ISO/IEC 42001 controls, PQC readiness), with each question tied to a specific requirement key. Responses are scored per framework and per section, gaps are tagged by priority, and remediation tasks ship with concrete steps and regulatory deadlines computed from enacted legislation. Cross-framework auto-population reuses prior answers wherever the framework crosswalk marks the mapping exact or strong, so assessing a second framework on the same system is faster than the first.

What's included

Built to be auditor-ready out of the box

Article-level questions, not generic checklists

Each question carries a requirement key tying it to specific regulatory text: eu.art9.1, co.deployer.risk_mgmt, nist.govern, pqc.migration.roadmap. Help text references the exact provision so reviewers can defend every answer.

Per-section and per-framework scoring

Every section ships its own score, and every framework rolls up to a weighted overall score with A–F grading. Gaps are tagged critical / high / medium / low based on requirement priority and risk tier.

Cross-framework auto-population

Once a framework is assessed, answers flow automatically into the next via the framework crosswalk. Only mappings marked exact or strong populate, and only into questions that aren't already answered.

Remediation tasks with regulatory deadlines

Each gap generates a remediation task with concrete sub-steps and an estimated effort in hours. Due dates pull from enacted regulation when applicable; otherwise they default to a priority-based window (7 / 14 / 30 / 60 days).

Cryptographic primitives behind this capability

Each capability rests on signed, verifiable signature components.

Component

Framework crosswalk

Component

Evidence chain

Component

Signed attestations

Start attesting in 60 seconds.

Free plan includes fingerprinting, unverified attestations, and a public registry listing. Upgrade when you need signed proofs or SLA-backed verification.

Create a free account See pricing

Capability · assessment

Multi-framework assessment engine

Walk every regulatory requirement, score gaps, and generate the remediation tasks your auditors will check off.

Start free See all features

What's included

Built to be auditor-ready out of the box

Article-level questions, not generic checklists

Per-section and per-framework scoring

Cross-framework auto-population

Remediation tasks with regulatory deadlines

Cryptographic primitives behind this capability

Each capability rests on signed, verifiable signature components.

Component

Framework crosswalk

Component

Evidence chain

Component

Signed attestations

Start attesting in 60 seconds.

Free plan includes fingerprinting, unverified attestations, and a public registry listing. Upgrade when you need signed proofs or SLA-backed verification.

Create a free account See pricing