01
Documentation state
Thin or stale documentation means more early cleanup inside the evidence workspace. SentrIQ helps rebuild what is missing, but the gap is still real and your team has to close it.
§ Federal compliance pricing
Pricing by impact level.
Three plans tied to your FIPS 199 categorization. Same features across all three. Price scales with the scope of work each tier demands.
§ Picking a tier
Non-CUI federal data points to Low. CUI or PII points to Moderate. Severe-consequence data (health, financial, law enforcement) points to High.
Low
$24,000/ year
$2,000 per month on an annual contract
For systems handling non-CUI federal data. NIST 800-53 Low baseline, about 125 controls.
Moderate
$48,000/ year
$4,000 per month on an annual contract
For SaaS handling CUI or PII. NIST 800-53 Moderate baseline, about 325 controls. The default federal cloud tier.
High
$72,000/ year
$6,000 per month on an annual contract
For systems handling severe-consequence data: health records, financial, law enforcement, national security. NIST 800-53 High baseline, about 410 controls.
→ Consulting equivalents run $300K to $1M plus, before the engineering quarters lost to documentation.
§ What to expect
The tier price stays fixed. The timeline depends on where you start.
Pricing is set once you pick your tier. How fast you move depends on the state of your docs, the size of the boundary, and how much time your team can give the process.
02
System boundary size
More services in scope means more controls to map and more evidence to validate. SentrIQ handles the structure, and your engineers confirm what is true in the environment.
03
Team bandwidth
The product does a lot of the heavy lifting, but your team still needs to review, validate, and sign off. The more time you can give it, the faster the process moves.
§ What's included
Every tier includes.
Same product, same evidence-first foundation. The tier determines scope and effort, not features.
- Cloud evidence mapped to federal controls in real time.
- Assessor judgment, built in. Policy and technical evidence reviewed the way a security control assessor would.
- Gap analysis grounded in actual audit findings, with practical remediation paths.
- SSP and POA&M narratives drafted from your evidence, ready for your team to refine.
- A documentation workspace built for the engineers and security leads doing the work.
- Outputs your 3PAO can pick up and assess without translation work.
- Continuous monitoring with POA&M aging and drift detection.Coming soon
§ Common questions
Pricing questions, answered.
§ Next step
See where your readiness stands now.
Start free in the product, schedule a demo, or use the checklist to get a clear read on the gaps. No contract required.