Production-Ready

RAVEN

All-in-one RMF. Air-gapped. DoD-ready.

An end-to-end Risk Management Framework and vulnerability management platform for DoD program offices, defense contractors, and federal agencies. Scanning, compliance authoring, ATO tracking, continuous monitoring, PKI, and signed air-gapped updates - consolidated into one on-premises product.

Request a DemoClient Portal

Current release: v0.40.1 -

NIST RMF800-53 rev 5800-171CMMC 2.0FedRAMPCNSSI 1253DISA STIG/SRGFIPS 140-3CycloneDX 1.5 SBOM
Capabilities

What RAVEN Delivers

Full RMF in One Product

Scanning, compliance authoring, ATO tracking, ConMon, PKI, and signed air-gapped updates live in a single application - not a stitched-together multi-vendor stack.

Air-Gap Pipeline by Design

Signed .raven and .raven-data packages were part of RAVEN’s design from the start - the canonical delivery mechanism for classified and closed networks.

DoD-First Hardening

Systemd units ship with SystemCallFilter allow-lists, RestrictNamespaces, LockPersonality, and CapabilityBoundingSet. DoD consent banner and classification markings are enabled by default.

Why RAVEN

Built for Federal Authorization

18 Scanner Modules

OS and software inventory, services, ports, file permissions, registry, Docker, Kubernetes, firewall, crypto, audit, signature verification, FIM, and patch management - enriched with EPSS scores and CISA KEV data.

SSP, SAR, POA&M Authoring

Generate System Security Plans (NIST 800-18), Security Assessment Reports (NIST 800-53A), and POA&M packages aligned to 800-53 rev 5, 800-171, CMMC 2.0, FedRAMP, and CNSSI 1253 baselines.

ATO Lifecycle & ConMon

Full-lifecycle tracking from categorization through sustainment, with a continuous monitoring dashboard, scheduled ConMon evaluations, alert rules, and snapshot trending across control families.

In the News

Press coverage coming soon

Subscribe to get notified the moment we publish a release.

Stay Informed

Get cybersecurity compliance updates, CMMC news, and security insights delivered to your inbox.

FAQ

RAVEN Questions

What is RAVEN?
RAVEN is an end-to-end Risk Management Framework and vulnerability management platform for DoD program offices, defense contractors, and federal agencies. It consolidates scanning, compliance authoring, ATO tracking, continuous monitoring, PKI, and signed air-gapped updates into one on-premises product.
Which frameworks does RAVEN support?
NIST RMF (SP 800-37), NIST SP 800-53 rev 5, NIST SP 800-171, the NIST Cybersecurity Framework, CMMC 2.0, FedRAMP, CNSSI 1253, DISA STIG/SRG, FIPS 140-3 (capable via the OpenSSL FIPS provider), and CycloneDX 1.5 SBOM.
Does RAVEN work on an air-gapped network?
Yes. Air-gap operation was part of RAVEN’s design from day one. Updates and threat feeds are delivered as signed .raven and .raven-data packages, verified on import with Ed25519 signatures and auto-applied through a staged pipeline. No internet connectivity is required.
How are licenses activated?
Upload the signed .raven-license file through the setup wizard or the Settings page. The license is verified using Ed25519 cryptographic signatures locally - no internet connection or license server is required.
What happens during the evaluation period?
New installations start with a 14-day evaluation that includes core scanning and compliance monitoring with capacity limits (up to 25 targets, 5 agents, 3 users, 1 concurrent scan). Scheduled scans, eMASS export, SBOM generation, and SSP/SAR artifact generation are disabled during evaluation. After 14 days, RAVEN enters a locked read-only state until a license is applied - no data is lost.
How do I request a demo or pilot?
Use the Request a Demo button above or email info@GlacierByteTechnology.com. Our team typically responds within one business day and can arrange a pilot on your network.

Deploy RAVEN

RAVEN is in production use today. Contact us to discuss a pilot on your network, or sign up for release updates.

Contact UsClient Portal

Stay Informed

Get cybersecurity compliance updates, CMMC news, and security insights delivered to your inbox.

Release updates only. No spam, ever.