We're solving our own compliance problems.
Are they your problems too?
We're a team of product developers and security compliance professionals who have supported software applications for the US Government since 2003. If you work on an application the government uses, then it's quite possible that our problem is your problem too.
In support of our deployed government applications, we work closely with our security team to make sure our software applications are compliant with evolving security controls. Pair a complex system with changing security requirements, and the process of identifying, tracking, resolving, and reporting on compliance actions becomes tedious and time-consuming.
We searched for solutions to help with this process, but what we found was either too simple or too complicated to help us, and in the end, still didn't offer the collaboration and action tracking that we needed to work smarter and report accurately.
We went on to create an internal process by piecing together some of today's less user-friendly tools: PDF viewer, Excel spreadsheets, email, direct message chat clients, STIG Viewer, and the list goes on. But even then, we couldn't solve the communication and task assignment conflicts that were our biggest struggle. It was still too easy to lose visibility of who changed what, when they did it, and why.
We needed one tool instead of 20. We needed transparency. We needed action tracking. We desperately needed a better way to collaborate than emailing a spreadsheet back and forth.
So we built it. We tested it. We argued about what to name it.
And now, we want to share it with you.