PHY357
Compliance Audit
PHY357-Auditor
8 frameworks. 57 checks. 30 seconds. $499.
  • 30s: Full audit time
  • 57: Security checks
  • 8: Frameworks
  • $0: Code changes to extend
What It Does
Measures Your System. Not Your Documentation.
Manual auditors review policies, interview staff, and check documentation. PHY357-Auditor reads your actual system state — file permissions, encryption status, service configurations, hash integrity — and scores it against 8 compliance frameworks in 30 seconds. Deterministic. Same system, same result, every time.
INTEGRITY
Hash Verification
Is the system in its expected state? File permissions checked. Binary hashes matched against packages. No unauthorized UID 0 accounts. No modified system files. If anything changed without authorization, the audit catches it.
CONFIDENTIALITY
Encryption & Secrets
Is sensitive data protected? SSH key entropy measured with Shannon entropy — mathematical measurement, not checklist. Disk encryption verified. No plaintext secrets in config files. No exposed credentials anywhere on the system.
RESILIENCE
Persistence & Recovery
Do security controls survive reboots? SSH hardening persists after restart. Firewall rules survive power cycle. NTP synchronized. Logging active and writing to disk. Controls that disappear after reboot don't exist.
Frameworks
8 Frameworks. One Scan.
Each check maps to multiple frameworks simultaneously. Run once, get scored against all 8. Adding a new framework is a config change — zero code.
  • OWASP Top 10: 16 checks (A01–A09 mapped)
  • NIST 800-53: 55 checks (AC, AU, CM, IA, SC, SI)
  • SOC 2 Type II: 40 checks (All 5 trust criteria)
  • CIS Controls v8: 46 checks (Controls 1–8)
  • GDPR: 5 checks (Article 32)
  • CMMC Level 2: 6 checks (Defense contractors)
  • DISA STIGs: 11 checks (Military / government)
  • Zero Trust: 4 checks (ZT-1 through ZT-3)
Process
Point It at a System. Get a Score.
No agents to install. No kernel hooks. No modifications to the target system. PHY357-Auditor is read-only — it never writes, never modifies, never deletes. It measures and reports.
1. Target: Point at any Linux system (Windows + Cloud coming)
2. Scan: 57 checks run read-only in 30 seconds
3. Score: Per-framework scores and overall grade
4. Report: Findings, evidence, and remediation steps
5. Fix: Follow remediations, re-scan, verify
READ-ONLY
Zero Writes
Never writes to the target. Never modifies files, configs, or settings. Never installs agents or drivers. Never hooks into the kernel. Measures only.
DETERMINISTIC
Same Result Every Time
Same system state produces the same score. No subjective interpretation. No auditor bias. Run it Monday, run it Friday — same system, same grade.
EVIDENCE
Every Finding Has Proof
Every check includes the actual evidence — file content, permission bits, entropy value, service status. Not "we checked and it passed." The actual data, recorded.
{
  "product": "PHY357-Auditor",
  "summary": {
    "total_checks": 57,
    "passed": 42,
    "failed": 11,
    "warnings": 4,
    "score": 73.7,
    "verdict": "NEEDS REMEDIATION"
  },
  "frameworks": [
    { "name": "NIST", "passed": 45, "total": 55, "score": 81.8 },
    { "name": "SOC2", "passed": 32, "total": 40, "score": 80.0 },
    { "name": "OWASP", "passed": 12, "total": 16, "score": 75.0 }
  ]
}
Comparison
Saving Time 10X
The auditor still signs. PHY357-Auditor does the work. Hours of verification instead of months of investigation.
  • 10X saving time: Faster than manual audit
  • $499 per audit (Manual: $20K–$50K)
  • 100% reproducible (Manual: varies per auditor)
MANUAL AUDIT
Ask Humans
Reviews documentation. Interviews staff. Checks policies. People can misremember. Documents can be outdated. Policies can exist on paper but not in practice. The audit reflects what people say, not what the system does.
PHY357-AUDITOR
Measure Systems
Reads actual file permissions. Computes real entropy. Verifies running services. Checks real hash integrity. The audit reflects what the system IS, not what anyone says it is. Systems can't lie. Math can't be misquoted.
Pricing
Simple. Transparent.
One audit, one price. No hidden fees. No per-check charges. No surprise invoices.
Single Audit
One-time full audit. All 8 frameworks. All 57 checks. Complete report with findings and remediation.
$499 one-time
  • All 8 frameworks scored
  • 57 security checks
  • JSON report with evidence
  • Remediation steps per finding
  • Re-scan after fixes (1 included)
CyberShield Enterprise
PHY357-Auditor included at no extra cost with CyberShield Enterprise. Defense + compliance in one platform.
Included with CyberShield Enterprise
  • Unlimited audits
  • Continuous compliance monitoring
  • Full CyberShield defense platform
  • 5-layer behavioral security
  • 7-day threat forecast
  • Dedicated account manager
Roadmap
Where It's Going
SHIPPED
Phase 1 & 2 — Complete
Framework core (TOML parser, registry, router). Linux adapter with 11 condition types and 57 checks across 8 frameworks. JSON reporting. Self-audit capability. 1,506 lines of Rust + 649 lines of TOML.
NEXT
Phase 3–6 — Planned
100+ checks. Additional compliance frameworks. Windows, Cloud (GCP/AWS/Azure), Database, and Kubernetes adapters. Cloud SaaS with dashboard, PDF reports, scheduling. Self-audit pass rate ≥ 95%.
A security company that can't pass its own audit has no right to audit others.
PHY357-Auditor scans itself first. Then it scans you. 30 seconds. 57 checks. 8 frameworks. The truth about your system's compliance posture — measured, not guessed.