ISSM Vulnerability Management Platform — CMMC Level 2 & NIST 800-171 Ready
Most small defense contractors have no idea where their
vulnerabilities are — until a C3PAO assessor finds them first.
This is a fully functional, browser-based vulnerability
management platform built by a U.S. government ISSM with
15+ years of DoD experience. Everything you need to track,
document, and report on vulnerabilities — in one standalone
file. No subscription. No server. No IT department required.
WHAT IT DOES:
→ Dashboard — live visibility into your vulnerability posture
→ Vulnerability Registry — log, track, and prioritize findings
→ Asset Inventory — document all systems in scope for CMMC
→ POA&M Tracker — build and manage your Plan of Action
and Milestones for CMMC Level 2 compliance
→ Scanner Console — record and manage scan findings
→ AI Analyst — Claude AI powered analysis of your findings
→ Reports — generate compliance reports aligned to
NIST SP 800-171 requirements
→ Settings — configure the platform to your organization
WHO IT IS FOR:
→ Small defense contractors preparing for CMMC Level 2
→ IT managers at GovCon firms with no dedicated security staff
→ Security Most small defense contractors have no idea where their
vulnerabilities are — until a C3PAO assessor finds them first.
This is a fully functional, browser-based vulnerability
management platform built by a U.S. government ISSM with
15+ years of DoD experience. Everything you need to track,
document, and report on vulnerabilities — in one standalone
file. No subscription. No server. No IT department required.
WHAT IT DOES:
→ Dashboard — live visibility into your vulnerability posture
→ Vulnerability Registry — log, track, and prioritize findings
→ Asset Inventory — document all systems in scope for CMMC
→ POA&M Tracker — build and manage your Plan of Action
and Milestones for CMMC Level 2 compliance
→ Scanner Console — record and manage scan findings
→ AI Analyst — Claude AI powered analysis of your findings
→ Reports — generate compliance reports aligned to
NIST SP 800-171 requirements
→ Settings — configure the platform to your organization
WHO IT IS FOR:
→ Small defense contractors preparing for CMMC Level 2
→ IT managers at GovCon firms with no dedicated security staff
→ Security consultants managing client vulnerability programs
→ Any organization handling CUI that needs a documented
vulnerability management process
WHY IT MATTERS FOR CMMC:
CMMC Level 2 requires you to demonstrate a vulnerability
management process — not just say you have one. This platform
gives you the structure, documentation, and reporting to show
your C3PAO assessor exactly what you are doing and why.
HOW IT WORKS:
Download the file, open it in any browser, and start
logging vulnerabilities immediately. No installation.
No account. No API key required for core features.
Built by PeregrinoTech
Military Precision. Cyber Defense. Real-World AI.
payhip.com/PeregrinoTechconsultants managing client vulnerability programs
→ Any organization handling CUI that needs a documented
vulnerability management process
WHY IT MATTERS FOR CMMC:
CMMC Level 2 requires you to demonstrate a vulnerability
management process — not just say you have one. This platform
gives you the structure, documentation, and reporting to show
your C3PAO assessor exactly what you are doing and why.
HOW IT WORKS:
Download the file, open it in any browser, and start
logging vulnerabilities immediately. No installation.
No account. No API key required for core features.
Built by PeregrinoTech
Military Precision. Cyber Defense. Real-World AI.
payhip.com/PeregrinoTech