Operational Continuous Compliance

Risk is Moving Faster Than Your Audit.

The Institute establishes the first continuous, real-time standard for quantifying supply chain risk. We operationalize data from the SBoM to the Boardroom.

VCRI_LIVE_MONITOR_V1.2
INFRA-PROVIDER-01 | STATUS: COMPLIANT (FedRAMP)
HARDWARE-SUPPLY-X | ALERT: FIRMWARE BACKDOOR DETECTED
AI-ANALYTICS-PARTNER | ACTION: 4TH PARTY RISK REVIEW

The Regulatory Mandate is "Continuous"

Global frameworks have shifted. Point-in-time assessments are no longer sufficient. The law now requires ongoing visibility.

CMMC 2.0
United States

Requires contractors to "Monitor security controls on an ongoing basis to ensure continued effectiveness."

NIS2 Directive
European Union

Mandates "measures to manage the risks concerning the relationships between each entity and its direct suppliers."

CSRMC
Dept. of Defense

Introduces the "Continuous ATO" (Authority to Operate), requiring real-time dashboard visibility.

DORA
Global Finance

Financial entities must "manage ICT third-party risk as an integral component... and regularly review strategy."

The Solution

The "Inside-Out" Standard

We don't just scan IP addresses. The Institute ingests the Bill of Materials (SBoM/HBoM) and internal compliance data to create a normalized, quantified risk score.

  • Proven Standards

    Leveraging IEEE/UL 2933 for risk quantification and the Secure Controls Framework (SCF) for normalization.

  • Risk Pricing

    We enable dynamic risk pricing for cyber insurance and contract liability.

Risk Normalization Engine

1. Ingest Data: SBoM / FBoM / Audit Logs
2. Normalize Logic: Apply IEEE/UL 2933 Standards
3. Output Signal: Traffic Light Risk Score

Leadership & Advisory Board

Built by the architects of CMMC, SBOM, and the Secure Controls Framework.

Joshua Marpet

Executive Director

Co-Author of CMMC v1. Compliance & Risk veteran. Faculty at IANS. Former organizer of BSides Delaware.

Mary Ann Davidson

Former CSO, Oracle

Retired after 40 years securing Oracle's global infrastructure. A legend in software assurance.

Allan Friedman

"Father of SBOM"

Formerly CISA/NTIA. Led the global charge for Software Bill of Materials transparency.

Tom Cornelius

Founder, SCF

Creator of the Secure Controls Framework (SCF), the gold standard for control normalization.

Mitch Parker

CISO, Indiana Univ. Health

Co-Vice Chair of IEEE/UL 2933. Expert in Clinical IoT security.

Robert Hill

CEO, Cyturus

30+ years navigating complex regulatory landscapes and supply chain risk.

Lee Neely

Senior Analyst, LLNL

SANS Instructor and Senior Cyber Analyst at Lawrence Livermore National Labs.

Paul Asadoorian

Researcher, Eclypsium

Founder of Security Weekly. Expert in firmware security and supply chain vulnerabilities.

Michael Shea

UN Transparency Protocol

Leading Digital Product Passports (DPP) and sustainability traceability for the UN.