Practical, framework-aligned cybersecurity assessment tools built for working GRC professionals.
Risk Posture Tools is a collection of browser-based assessment tools designed for cybersecurity and GRC (Governance, Risk & Compliance) practitioners. Each tool walks you through a structured framework — from NIST CSF 2.0 scoring and RMF authorization support to SSP authoring and SP 800-30 risk assessment.
These tools were built out of a real frustration: the frameworks exist, the guidance is authoritative and publicly available, but there's no lightweight, accessible way to actually work through them without expensive enterprise platforms or clunky spreadsheets. This is an attempt to fix that.
🔒 Your data stays on your machine. Risk Posture Tools has no backend database, no analytics that capture your assessment content, and no cloud sync. The only external call made by the tools is subscription validation — which sends only your email address to confirm your subscription status. No assessment data is ever transmitted.
The current suite covers four NIST frameworks — a natural starting point given their widespread use across U.S. federal and commercial environments:
The suite is designed to grow. Future tools may incorporate additional frameworks and standards as practitioner needs evolve.
Full assessment functionality is free, always. A Pro subscription is a fair exchange for the time-saving features — import, save, export, print — that make the tools useful for real professional engagements. The goal is not to gatekeep the frameworks, but to support continued development of the suite.
See the Pricing page for current subscription options.
All four tools are free to use — open any assessment and start immediately, no account required. Pro adds save, export, and print for $59/year.
Risk Posture Tools