Two paths. You drive, or we do.
DIY — license the platform, your team runs it; from 2.5% of cloud spend. Fully-Managed VIP — our cleared US engineers run the entire compliance state on your environment; scoped separately. A dedicated ATO + CMMC plan sits alongside both.
License PolicyCortex and run your own program.
These four plans are the platform itself. Your team operates it. You get the same automation engine that powers our done-for-you engagements — you just drive it. Pricing scales with your cloud footprint, not seat count.
Free Trial
14 days · no credit card
See PolicyCortex in your environment before you commit.
Start Free Trial
Includes
- 1 cloud account (AWS, Azure, or GCP)
- Full compliance scan (CMMC, NIST, CIS, FedRAMP)
- Issue detection & severity scoring
- Remediation recommendations
- 14-day access to the full platform
Governance
of cloud spend / year
For defense contractors who need CMMC and continuous compliance.
Request Access
37–71% below Wiz + Vanta
Everything in Free Trial, plus
- Unlimited cloud accounts
- Compliance frameworks (CMMC, NIST, CIS, FedRAMP)
- Autonomous remediation with Safety Sandwich
- SSP & POA&M generation
- Evidence collection & audit readiness
- Policy-as-code engine
- Priority support
AI Observability
of cloud spend / year
For organizations with compliance handled that need AI governance.
Request Access
57–94% below AI governance stack
Includes
- Shadow AI discovery & inventory
- AI model monitoring & token tracking
- LLM guardrails & content filtering
- MITRE ATLAS threat coverage
- NIST AI RMF mapping
- OMB M-25-21 compliance
- Model risk scoring
Full Stack
of cloud spend / year · all-in
Governance + AI observability + full observability in one platform.
Contact Us
52–85% below stacked alternatives
Everything in Governance + AI Observability, plus
- Full observability (APM, infra, logs, security)
- AI-powered anomaly detection
- Unlimited users
- Custom integrations
- Dedicated onboarding
- Premium support
Need federal authorization?
ATO & CMMC is a dedicated plan, scoped to your environment. Assessment firms charge $70K–$300K for equivalent scope.
ATO & CMMC
Dedicated federal authorization plan
Federal authorization and CMMC Level 2 compliance automation as its own dedicated plan — not bundled, not an add-on. Pricing scales with your CUI scope, environment count, and impact level.
- CMMC Level 2 documentation & evidence
- FedRAMP Moderate continuous monitoring
- ATO package generation (IL2–IL5)
- C3PAO assessment readiness
- Gap analysis & remediation tracking
Hand the entire compliance state to us.
For organizations that don't want to operate the platform internally. Cleared US personnel run PolicyCortex on your environment, manage your continuous compliance posture, and own the audit-facing work end to end. No internal GRC team required.
Fully-Managed Compliance
We own the entire compliance state — you stay focused on your contract
Cleared US engineers operate PolicyCortex on your environment, maintain your CMMC / NIST / FedRAMP posture continuously, and represent your evidence package to assessors. The opposite of DIY: we are accountable for the outcome, not just the tooling.
- DoD Secret + DoE Q-cleared founder oversight
- Cleared US engineers run the platform daily
- SSP & POA&M maintained continuously, not at audit time
- C3PAO / AO walkthroughs with you on the call
- Drift detection & autonomous remediation managed
- Quarterly executive compliance reviews
- Incident response on the 72-hour DFARS clock
- Procurement vehicle flexibility (GSA, SEWP, AWS Marketplace)
Not sure which path? Start with the 30-day pilot — fixed scope, fixed fee, you can decide on long-term engagement after.
Federal agencies: 2.5% of a $500K cloud environment = $12.5K/year - under the federal micro-purchase threshold. Purchase with a Government Purchase Card, no competitive bidding required.
Compare plans
DIY vs Fully-Managed VIP?
DIY = you license the platform, your team operates it. VIP = our cleared US engineers run it on your environment, maintain the compliance state day-to-day, handle assessor work. DIY is for teams with internal GRC capacity; VIP is for organizations that want to stay focused on contract work and hand compliance off entirely.
How does percentage pricing work?
Governance and AI Observability are 2.5% of your annual cloud spend. Full Stack is 4%. $500K cloud spend → $12.5K Governance. $1M Full Stack → $40K. Billed annually. ATO+CMMC and VIP are scoped separately.
Why is ATO + CMMC custom-priced?
Federal authorization scope varies. CMMC L2 with a tight enclave is a different engagement from CMMC L3 across multiple IL impact levels. We size each engagement to your CUI footprint, environment count, and target impact level (IL2–IL5) so you pay for what you actually need.
What does VIP include?
Cleared US engineers operate PolicyCortex on your environment daily. SSP + POA&M maintained continuously. We handle drift detection, autonomous remediation, walking evidence through C3PAO + AO assessments, DFARS 72-hr clock incident response, and quarterly exec compliance reviews. Founder (DoD Secret + DoE Q) oversees personally.
Free trial?
14-day full platform access on one cloud account. Connect AWS, Azure, or GCP and run a complete scan against CMMC, NIST 800-171, CIS, and FedRAMP. No credit card required.
Federal micro-purchase threshold?
Many small-to-mid cloud environments fall under the $15,000 micro-purchase threshold. $500K cloud → $12.5K, well under the threshold. Federal agencies can purchase with a Government Purchase Card — no competitive bidding, procurement completes in days. See the Procurement page for AWS / Azure Marketplace, GSA, SEWP V channels.
Two paths. Both pay back in the first quarter.
14-day free trial on one cloud account, no credit card. Or jump straight to a 30-min scoping call with the founder.
