D-KaP Risk Lens — the EpochCore product that turns your FedRAMP risk assessment into a single signed file your 3PAO can verify in one pass — is part of our sealed-evidence catalog. You give us your system inventory and controls; you get back a complete risk register plus a tamper-evident attestation that ties every finding to the rule it satisfies.
Federal contractors pursuing a FedRAMP Moderate authorization spend weeks assembling a risk assessment that maps cleanly to RA-3 (Risk Assessment), RA-5 (Vulnerability Scanning), and the rest of the RA family. Most of that work is rebuild-from-spreadsheet busywork: pulling scanner output, normalizing it against the NIST 800-53 control catalogue, and convincing a 3PAO (third-party assessment organization) that nothing was edited after the fact. Your 3PAO will reject anything that looks hand-edited, and your ATO clock keeps ticking.
Risk Lens runs a single analysis pass over your system description and controls inventory, then returns three things in one shot: a complete risk register (every asset, threat, likelihood, impact, and treatment), a control-mapping document tying each finding to the specific FedRAMP RA-family rule it addresses, and a signed attestation that ties the entire package to a public root of trust. The output is a JSON file you can hand to your 3PAO and a human-readable PDF you can drop into your System Security Plan. Both carry a tamper-evident cryptographic seal, so anyone who later edits the file breaks the signature and the 3PAO sees it instantly.
40668c787c463ca5 without contacting us. Your 3PAO checks it offline.
Upload a JSON or YAML file describing your system boundary, components, and the controls you have in place. The format is straightforward and we publish examples. No special tooling required.
Within minutes, you get back the signed JSON risk register and the human-readable PDF report. Both are sealed against tampering and tied to the public root of trust.
Your assessor verifies the seal with a single offline command. They see the file is original, the analysis is consistent, and the mapping covers every RA-family control. They accept it on the first review.
Example: A 40-person fintech pursuing FedRAMP Moderate for their treasury-management SaaS used to spend six weeks rebuilding their risk register before each 3PAO meeting. With Risk Lens they upload their inventory once, get a signed register and PDF back in under five minutes, and their 3PAO finishes the RA-family review in a single afternoon instead of two weeks of back-and-forth on whether the spreadsheet was tampered with.
One billable hour of a security engineer or compliance consultant costs more than this product. A single rejected 3PAO submission costs your ATO timeline a week or more, and most teams get rejected at least once for "your evidence looks edited." Risk Lens removes both the rebuild time and the rejection risk for less than dinner for two.
The same risk register and PDF, with an invisible watermark embedded in the document keyed to your account and the public root of trust. The mark stays attached through screenshots, JPEG compression, and re-uploads — it held up across 90 of 136 measured tampering attempts at structural similarity index 0.985 and zero false positives in our test set. It is not a magic shield (a determined attacker can still strip a file header), but it is machine-readable proof of custody that your auditors and any downstream regulator can independently confirm.