The Platform

A complete pipeline for managing DISA STIG baselines across air-gapped boundaries — from pack creation to endpoint compliance.

Two Components, One Mission

A connected-side pack factory and a disconnected-side local engine work together across the security boundary.

Pack Factory

Connected Side

We parse DISA STIG releases and package them into Baseline Packs (.bapack files). Each pack contains normalized rules, structured metadata, and version tracking — so you always know exactly what you're applying.

  • Automated STIG ingestion and parsing
  • Rule normalization and classification
  • Version-aware delta pack generation
  • Integrity-verified .bapack packaging

Local Authority Engine

Disconnected Side

Install the engine in your isolated environment. Import packs, review every rule, toggle what applies, run audits, and apply remediations — all through a local dashboard at 127.0.0.1:1012. Nothing leaves the machine.

  • Pack import with integrity verification
  • Per-rule enable, disable, and override controls
  • Real-time compliance auditing
  • Safe, reversible remediation with rollback

Platform Capabilities

Purpose-built features for managing STIG compliance in isolated environments.

Structured Rule Management

Every rule is normalized with structured metadata, severity, check logic, and fix references.

Persistent Exceptions

Your tailoring decisions survive updates. Exceptions and overrides carry forward automatically.

Delta Updates

Only review what changed between STIG releases. New, modified, and removed rules are clearly flagged.

Registry / Service / Policy Checks

Automated checks across registry keys, Windows services, audit policies, and security settings.

PowerShell Remediation Engine

Apply fixes through a safe, auditable PowerShell execution engine with rollback support.

Compliance Scoring Dashboard

Real-time compliance score with drill-down into individual rule results and remediation status.

Supported Platforms

Starting with the most common secure environment platform, with more on the roadmap.

  • Windows 11 Standalone STIG: Available Now
  • Windows Server: Coming Soon
  • More Platforms: Planned

What's in a Baseline Pack?

A .bapack file is a portable, self-contained compliance package designed for secure transfer across air-gapped boundaries.

Normalized STIG Rules

Every rule from the DISA STIG release, parsed into a structured format with severity, category, check logic, and fix references.

Structured Metadata

Target platform, STIG version, release date, rule count, and mechanism classifications for automated audit and remediation.

Version Tracking

Full version lineage so the Local Engine can compute deltas, show what changed, and preserve your tailoring decisions across updates.

Integrity Hashes

SHA-256 integrity verification ensures the pack has not been tampered with during transfer across the air gap.