TempestShield, Coming Soon

CMMC compliance shouldn't require a consultant for every form.

TempestShield automates the evidence collection, gap tracking, and documentation generation that DIB contractors currently do manually, or pay consultants to do for them. Built by practitioners who've run CMMC assessments.

The problem we're solving

The 110 controls in NIST 800-171 require ongoing evidence: screenshots, logs, policy acknowledgments, access reviews, and configuration exports. For most small contractors, that evidence lives in a folder on someone's desktop that gets updated the week before an assessment. That approach fails C3PAO assessments.

TempestShield collects that evidence automatically, continuously, and formats it for your SSP binder. ByteTempest consulting clients who use TempestShield enter assessments with organized, complete evidence, and C3PAO assessment prep time drops significantly.

What makes it different

TempestShield is built by the people who run CMMC assessments, not software engineers who read the framework once. The M365 and Azure integrations pull real evidence from your actual environment, not hypothetical templates. The SSP builder generates documentation in the format C3PAOs expect, because we know exactly what they look for.

The live SPRS calculator means you always know your real score, not the optimistic one you wrote in your self-attestation two years ago.

MVP Feature Set

What Phase 1 includes

Core platform
  • Control tracker: All 110 NIST 800-171 controls with status, owner, notes, and evidence attachment.
  • Live SPRS calculator: Real-time score based on current control statuses. Shows delta from prior assessment.
  • POA&M generator: Exports a properly formatted Plan of Action & Milestones from open/partial controls.
  • Evidence locker: Attach files, screenshots, and config exports to individual controls. Version-tracked, timestamped.
  • SSP builder: Guided System Security Plan generation. Outputs a formatted SSP ready for assessor review.
M365 / Azure integrations
  • Entra ID: Pull user list, MFA enrollment, privileged accounts, and Conditional Access policy summaries via Graph API.
  • Defender for Business: Import endpoint protection status, last scan dates, and detected threats as control evidence.
  • Intune: Pull device compliance, encryption state, and patch levels for CM controls.
  • Purview / Compliance Center: DLP policy status, audit log retention, and sensitivity label coverage.
  • SharePoint / OneDrive: Access control reports, external sharing audit, CUI location mapping.
Frontend: React + TypeScript, Tailwind
Backend: Node.js / FastAPI, PostgreSQL
Auth: Microsoft Entra ID SSO
Hosting: Azure (GCC-adjacent)
Pricing
Level 1

Self-assess tier

$299/month per org
For Level 1 contractors managing self-assessment documentation.
  • 17-control Level 1 tracker
  • SPRS calculator
  • Evidence locker (5GB)
  • Annual affirmation support
  • PDF / XLSX export
Level 2, Standard

Full platform

$799/month per org
Full 110-control coverage with M365 integrations. The core product.
  • All 110 controls
  • M365 / Azure integrations
  • SSP builder + POA&M generator
  • Evidence locker (25GB)
  • Live SPRS calculator
Level 2, Guided

Platform + consulting

$1,499/month per org
Platform plus monthly ByteTempest consulting hours for active certification work.
  • Everything in Level 2 Standard
  • 4 hrs/month consulting
  • Monthly posture review call
  • C3PAO prep support
  • Priority support SLA
  • Unlimited evidence storage
Early access

Interested in TempestShield?

Early access clients will shape the feature roadmap and receive founding member pricing, locked for life. Reach out directly to get on the list.

Contact us about early access →

No sales pitch. We will reach out when early access opens.