GRC Compliance Platform · Automated Evidence & Audit Workflows
ForgeGRC is a compliance automation platform built for security engineers and GRC practitioners operating in federal and regulated environments. It bridges hands-on cryptographic assurance with Governance, Risk, and Compliance (GRC) objectives — turning what is normally a manual, documentation-heavy process into a structured, repeatable workflow.
Designed from the ground up for:
- Multi-framework GRC — SOC 2, CMMC v2, ISO 27001, PCI DSS 4.0.1, NIST CSF 2.0
- Automated scanning — OpenSCAP, Anchore, CISA KEV integration
- Evidence collection — structured artifact gathering for audits and ATOs
| Feature | Description |
|---|---|
| Compliance Scanning | OpenSCAP, Anchore, and KEV-integrated automated scanning |
| Evidence Collection | Structured artifact collection mapped to control families |
| Multi-Framework | SOC 2, CMMC v2, ISO 27001, PCI DSS 4.0.1, NIST CSF 2.0, FedRAMP |
| Policy Generator | Compliance-aligned policy and documentation templates |
| Audit Dashboard | Control status, gap analysis, and remediation tracking |
| Offline-Capable | Designed to run in air-gapped and high-security environments |
ForgeGRC provides coverage across the following standards and frameworks:
- NIST SP 800-53 Rev 5 — Security and Privacy Controls
- NIST CSF 2.0 — Cybersecurity Framework
- CMMC v2 — Cybersecurity Maturity Model Certification
- SOC 2 Type I/II — Service Organization Controls
- ISO/IEC 27001:2022 — Information Security Management
- PCI DSS 4.0.1 — Payment Card Industry Data Security Standard
- FedRAMP — Federal Risk and Authorization Management Program
Each release includes:
- Platform source code (ZIP)
- Compliance module documentation
- Policy and procedure templates
- Framework mapping reference sheets
- Installation and configuration guide
See CHANGELOG for version history and release notes.
```bash
# Clone the repository
git clone https://github.com/IAwiz87/ForgeGRC.git
cd ForgeGRC
# See docs/ for full installation and configuration guide
cat docs/INSTALL.md
```
Full setup documentation is included in each release package.
```
ForgeGRC/
├── docs/               # Documentation and framework guides
│   ├── INSTALL.md      # Installation and configuration
│   ├── frameworks/     # Per-framework implementation guides
│   └── templates/      # Policy and procedure templates
├── index.html          # GitHub Pages project page
├── CHANGELOG.md        # Version history
├── LICENSE
└── README.md
```
Built by Andrew P. Largent — Security Engineer specializing in FIPS 140-3 cryptographic assurance, GRC framework implementation, and federal compliance engineering.
ForgeGRC is an independent project. It is not affiliated with, endorsed by, or produced by NIST, CISA, or the U.S. Government. Always refer to official sources for authoritative compliance and security guidance.
Bridging cryptographic assurance with GRC — for the federal compliance community


