Compliance you can
actually operate.
AxiomLens is your GRC command deck: NIST CSF 2.0[1]NIST Cybersecurity Framework 2.0 — including the new GV.SC (Supply Chain Risk Management) category. nist.gov/cyberframework turned into computed coverage, scored risk, and a board-ready report — running locally on your machine, your data in a database you own. Where a CaaS platform rents you a dashboard and holds your evidence in their cloud, this is the owned alternative. One-time license: activate once, then it runs fully offline — no account, no subscription, nothing phoning home after activation.
Pre-scripted — every number is the real CLT-001 figure. No engine internals exposed.
Own it. Don't rent it.
A CaaS platform rents you a dashboard and holds your evidence in their cloud. AxiomLens does the same job from a system you own outright. The difference, row by row:
"One-time license, per user. Activate once, then it runs fully offline on your machine — your own database, no API key needed. You own it and operate it — no account, no subscription, nothing phoning home after activation."
Own your deck. Don't rent your compliance.
One scannable comparison — the free taste, the single-org tracker, the flagship command deck, and the CLI operator's build.
AxiomLens $599 founding, then $999 standard — a difference, not a discount. Engine Core $250 founding / $350 standard. Framework packs $199 à la carte. Comparison: ComplianceForge ≈ $1,980 static · CaaS / SaaS GRC $10k+/yr rented · AxiomLens — computed, owned.
AxiomLens
By The Security Gator · Your GRC command deck
Load any environment's NIST CSF 2.0 assessment — your own, a client's, a subsidiary's — and AxiomLens computes coverage and maturity, scores risk, and produces the deliverables that close engagements: the Board Report, the client-ready Hand-Off, and the Cyber-Insurance Evidence Pack (add-on). Every control ID validated against the real framework. A local application with a full rail GUI — built for vCISOs, MSPs, and MSSPs producing a deliverable for someone else's business, not just their own.
Eight relational tables, one engine.
Tap a table to see what it holds.
{{ tableDesc }}
Real ownership — without the CaaS leash.
Every license is node-locked to your hardware, signed with ECDSA P-256, and fully operational after a single first-run activation — then it verifies offline, every launch. No subscription. No phone-home after activation. No remote kill switch on a paid-up customer. Your machine, your filesystem, your keys, your control.
If The Security Gator LLC ever closes its doors, the EULA carries a vendor-dissolution continuity commitment: an offline-activation fallback and an unsigned license-generation utility get released so your engine keeps running on new hardware, independent of us. That's the trade a compliance lead can actually defend in a vendor-risk review.
Everything you need to run it day one.
Frameworks, Controls, Clients, Control Status, Risks, Remediation, Crosswalk, Reports.
All 106 subcategories, pre-loaded, with references.
Computed metrics, validated IDs, template-written narrative — no API key required.
Wipeable sample client, setup guide, and a video walkthrough.
The convenience add-on: Cyber-Insurance Evidence Pack ($250). Drop one file into your install and a dormant module unlocks in both paid tiers — a 20-question readiness view mapped to what insurance applications actually ask, with a clean evidence export you can hand straight over. The point is speed: minutes to a defensible answer, not an afternoon of spreadsheet archaeology.
Founding is closed — standard pricing applies.
Founding pricing is a bounded window, open now: $599 for the AxiomLens GUI, $250 for Engine Core. It's a window, not a seat cap — buy while it's open and your founding price is locked, and every founding GUI purchase includes one framework pack of your choice.
When the window closes, AxiomLens lists at $999 standard and Engine Core at $350; AxiomGlass stays $99 flat. Standard later steps to $1,199 once the next major GUI update ships — founders keep the difference.
Governance Review Cadence.
AxiomLens schedules each governance control on a review interval and shows you, at a glance, what's on track and what's slipping. This is a seeded view of sample client CLT-001 — static status, exactly as the engine would render it.
No orchestration, by design. AxiomLens runs when you run it. After its one-time activation nothing phones home, nothing recomputes on a schedule, and your data never leaves your machine. These cadences are reminders the deck surfaces — not jobs it executes for you.
Cadence policy: GOVERN controls reviewed every {{ govCadenceGovern }} days, all others every {{ govCadenceOther }} days; flagged “due soon” within {{ govDueSoon }} days. These are sensible defaults — tune them to your own review policy at the top of the module.
Founding window open · includes one framework pack of your choice.
Board report — Northbridge Health Partners
The numbers are computed in code, so they're right. The narrative is assembled by a deterministic template that owns every figure — same input, same report, every run. This is the actual deliverable — explore it by function.
{{ curNote }}
Drag the sliders. Coverage = implemented ÷ in-scope; program maturity is the in-scope-weighted average — the same formulas the engine runs. Nothing is faked.
Northbridge's posture is materially below acceptable risk tolerance for a healthcare telehealth organization. As of Q2 2026, only 38 of 100 controls are fully in place — placing the program in early, inconsistent practice.
The good news: no controls fell through the cracks without an owner, and recovery capabilities show slightly stronger maturity than other areas. The gaps are significant and spread across every function.
The Board Report and the Hand-Off. Both print to PDF.
The Board Report translates posture for non-technical stakeholders — snapshot, coverage, risks, then a plain-English narrative and exactly what to fund next quarter. The Hand-Off (above) bundles the full control register, risk register, sign-off trail, and history into one client-ready sheet. Every export is generated locally and opens print-ready — File → Print → PDF, hand it over. Convenience is the point.
Read an issue before you subscribe.
Three sections, twelve minutes, every Tuesday — frameworks, configs, and the takes nobody else publishes. Here's the archive.
Twelve minutes a week, every Tuesday.
~8:00 AM Central. No spam, unsubscribe anytime.
One command deck. Your entire client book.
Run NIST CSF 2.0 across every engagement from one deck — computed coverage per client, scored risk, and the deliverables that close engagements: Board Reports, client-ready Hand-Offs, and Cyber-Insurance Evidence Packs. Team seats and MSAs built for portfolios, not single seats.
Run multiple environments side by side — each client's data isolated in its own private local database.
2–10 named seats, the discount deepening with every seat added — no floating licenses, no rent. Above 10 seats, or any MSP-wide / multi-tenant / white-label use: a signed MSA.
Continuity commitment and ownership posture that survive a vendor-risk review.
Let's size a license to your client book.
Talk licensing →One deck. A pack shelf that keeps growing.
Framework packs ship à la carte — drop a pack file into your install and the crosswalk lights up in both paid tiers. Nine frameworks are live today at $199 each, with more in the pipeline. Buy exactly what your book needs; founding GUI purchases include one pack of your choice.
Framework crosswalk packs — nine live
NIST 800-53 r5 · ISO 27001:2022 · PCI DSS v4 · SOC 2 · HIPAA · CMMC / 800-171 r3 · OWASP LLM Top 10 · NIST 800-82 r3 · NIST 800-81 r3. Map once in CSF 2.0, see the crosswalk everywhere.
Cyber-Insurance Evidence Pack
A 20-question readiness view plus a hand-ready export built for insurance applications — drop the pack file in and the dormant module unlocks in both paid tiers. Convenience is the product: minutes to a defensible answer, not an afternoon.
AxiomLens Engine Core
The full engine at CLI parity — status, sign-off, POA&M, snapshots, evidence, hand-off export — for operators who live in the terminal. Same database, same packs, no GUI.
Buy the packs your book needs. Skip the rest.
{{ sepCaption }}
Every pack is $199, one-time, drop-in. A typical client book runs three or four packs — no bundle to outgrow, no rent on frameworks you never touch. Browse the packs ↗
Where the Gator's headed.
The framework drops above ship with the engine. Here's what comes after — filter by horizon.
{{ r.title }}
{{ r.body }}
Directional, not a commitment to dates — sequencing shifts with what customers need most.
The things you'd email to ask.
Data, licensing, dependencies, continuity, support. If it's not here, the line's open.
Still deciding?
First-line support from the operator. 48-hour response on business days.
Terms, privacy & license.
Plain-language summaries of how AxiomLens, Engine Core, and AxiomGlass are licensed, how your data is handled, and what you agree to. These summaries are for the web; your purchase is governed by the full agreements provided at checkout.
Using this site
The Security Gator website and its content — guides, articles, and the Bayou Bytes newsletter — are provided for general information, not as legal, compliance, or security advice. Brand marks, copy, and visuals are the property of The Security Gator LLC. Some research, drafting, and production here are AI-assisted, with human review on everything that ships. External links are provided for convenience and are not endorsements.
Purchases & licensing
AxiomLens, Engine Core, and AxiomGlass are sold as one-time licenses — you pay once and own what you buy; there is no subscription for the product purchased today. All sales are final. If a product is inoperable on download we will repair it — repair, not refund. Purchases are completed through our storefront (Gumroad), and its policies also apply. First-line support is provided directly by the operator, with a 48-hour response target on business days (Mon–Fri, Central).
Your data
We collect as little as possible. Newsletter subscriptions are handled by Beehiiv and store only the email you provide; you can unsubscribe anytime. The products run on your infrastructure — a private database on your own machine, your filesystem, and (optionally) your own BYOK API key. No assessment or client data ever touches our servers. The paid local tiers verify a purchase once at first launch, then run fully offline — no phone-home after activation. AxiomGlass, the online entry tier, runs a lightweight license check each time it opens. Checkout and payment data are handled by our storefronts under their privacy policies.
EULA & continuity
Each license grants one named user the right to operate the software, node-locked to that user's hardware and signed with ECDSA P-256. You may not redistribute, resell, or attempt to defeat the licensing or protection mechanisms. You retain full ownership of the data and reports you produce.
The EULA carries a vendor-dissolution continuity commitment: if The Security Gator LLC ever closes, an offline-activation fallback and an unsigned license-generation utility are released so your engine keeps running on new hardware, independent of us. Governed by the laws of the Commonwealth of Kentucky.
Last updated July 19, 2026 · Summaries only, not legal advice — the controlling agreements are provided at checkout. Questions: BigG.TheCreator@TheSecurityGator.com
One link, every channel. Field notes, the engine, and where to find us.
AxiomGlass
A single self-contained file that opens in any browser — no subscription, nothing to install, no account to create (your order ID is your license; quick license check on open). Score NIST CSF 2.0 across all 106 subcategories; your answers stay in your browser and export to a file you own. The frictionless on-ramp to AxiomLens when you outgrow it.
Start here when you have one org and a deadline.
Get organized fast
All 106 subcategories laid out and ready to fill — no blank-page paralysis.
Own it outright
$99 once. No subscription — a single file you keep, answers that stay in your browser, exports you own.
Upgrade without rework
When you need computed coverage, scoring and board reports, AxiomLens picks up where Glass leaves off.
Outgrowing a single org?
AxiomGlass is the on-ramp to AxiomLens — the command deck for many clients and environments.
Gatorbytes.
Gatorbytes are the free, no-login starter kits that ship inside Bayou Bytes — self-contained files and plain-language guides you can open in any browser and use today. They're the takeaways, not the newsletter issues themselves.
The ten NIST CSF 2.0 controls teams miss most
The field guide: the gaps auditors flag first, with exactly what evidence closes each one — for IT leads, vCISOs, MSPs, and founders prepping a first audit.
Get the guide ↗The Govern Tracker
Why Govern sits at ~34% in most first assessments — and the three policies that move the needle fastest, with a tracker you can run on your own environment this week.
Get the tracker ↗The Evidence Register
Stop hunting for proof at audit time — a ready-to-run register that ties each control to the evidence behind it, one row per artifact, duplicable per client.
Get the register ↗The Shadow AI Starter Kit
Find every AI tool your org already uses: the 3-question discovery drill, an AI tool inventory, and a 1-page acceptable-use policy template — the 30-minute version of an AI governance program.
Get the kit ↗More Gatorbytes every week.
New templates and guides land with each Bayou Bytes issue.
Enter your license key.
Owners get downloads, version updates, onboarding, and support here. Your key unlocks this area — your compliance data never leaves your machine.
⚠ Demo gate — a visual placeholder, not real verification. Any key opens the preview. Real activation happens in the product at first launch; this web area wires up next.
Don't have a key yet? Become an owner →
All values are placeholders — the license service populates key, status, tier, seat & expiry on verify.
Every engine build and framework pack, with what changed and why.
Downloads are yours to keep — nothing auto-updates, nothing phones home after activation.
First-line support direct from the operator — 48 business-hour response, and we repair defects (repair, not refund).
Email support →Invoices and order history live with your storefront — Gumroad, where you purchased.
This area manages your purchase — license, downloads, and updates. We never store, see, or touch your assessment data; AxiomLens runs entirely on your machine.
