See the shape of what’s allowed.
Upload your security policies. See which ones overlap, which are load-bearing, and where attackers can move freely.
What it does
- Analyses NIST 800-53, CIS v8, PCI-DSS v4, ISO 27001 rule sets
- Finds redundant controls (4 of 37 typical NIST controls add zero unique coverage)
- Identifies keystone policies (one control protecting 415,000 states with no backup)
- Maps attack paths (guest to admin in 2 steps, 5 controls bypassed)
- Measures policy drift (your implementation vs your intent)
- Shows change impact before you make changes
For: CISOs, security engineers, auditors, compliance teams.
State space: 6 million+ states analysed per policy set.