RAVEN
All-in-one RMF. Air-gapped. DoD-ready.
An end-to-end Risk Management Framework and vulnerability management platform for DoD program offices, defense contractors, and federal agencies. Scanning, compliance authoring, ATO tracking, continuous monitoring, PKI, and signed air-gapped updates - consolidated into one on-premises product.
Current release: v0.40.1 -
What RAVEN Delivers
Full RMF in One Product
Scanning, compliance authoring, ATO tracking, ConMon, PKI, and signed air-gapped updates live in a single application - not a stitched-together multi-vendor stack.
Air-Gap Pipeline by Design
Signed .raven and .raven-data packages were part of RAVEN’s design from the start - the canonical delivery mechanism for classified and closed networks.
DoD-First Hardening
Systemd units ship with SystemCallFilter allow-lists, RestrictNamespaces, LockPersonality, and CapabilityBoundingSet. DoD consent banner and classification markings are enabled by default.
Built for Federal Authorization
18 Scanner Modules
OS and software inventory, services, ports, file permissions, registry, Docker, Kubernetes, firewall, crypto, audit, signature verification, FIM, and patch management - enriched with EPSS scores and CISA KEV data.
SSP, SAR, POA&M Authoring
Generate System Security Plans (NIST 800-18), Security Assessment Reports (NIST 800-53A), and POA&M packages aligned to 800-53 rev 5, 800-171, CMMC 2.0, FedRAMP, and CNSSI 1253 baselines.
ATO Lifecycle & ConMon
Full-lifecycle tracking from categorization through sustainment, with a continuous monitoring dashboard, scheduled ConMon evaluations, alert rules, and snapshot trending across control families.
Press coverage coming soon
Subscribe to get notified the moment we publish a release.
Stay Informed
Get cybersecurity compliance updates, CMMC news, and security insights delivered to your inbox.
RAVEN Questions
What is RAVEN?
Which frameworks does RAVEN support?
Does RAVEN work on an air-gapped network?
How are licenses activated?
What happens during the evaluation period?
How do I request a demo or pilot?
Deploy RAVEN
RAVEN is in production use today. Contact us to discuss a pilot on your network, or sign up for release updates.
Stay Informed
Get cybersecurity compliance updates, CMMC news, and security insights delivered to your inbox.
Release updates only. No spam, ever.