# AutoGRC

> Comply once, prove many. AutoGRC maps a single set of security findings to control coverage across eight compliance frameworks at once.

AutoGRC is an ElasticD3M, LLC Agent-as-a-Service product. Submit your security findings (scan output or assessment results); receive a per-framework coverage matrix plus a fix-first remediation priority list.

## Frameworks
CMMC Level 2, NIST CSF 2.0, SOC 2, HIPAA, PCI-DSS 4.0, ISO 27001, FTC Safeguards, NYDFS 500.

## Products
- Coverage Check: Free, stateless. Multi-framework coverage from your findings. No account, no data retention.
- AutoGRC Continuous: Ongoing monitoring, tamper-evident evidence, deadline tracking, dashboard. $1,995/month, month-to-month, all eight frameworks included (no per-framework add-ons). Self-serve checkout opening soon; until then contact hello@ai4grc.ai.

## API (free Coverage Check)
Base: https://app.ai4grc.ai/api
- GET  /v1/frameworks       List supported frameworks, control counts, thresholds.
- POST /v1/coverage         Body {findings:[...], frameworks?:[...]} -> per-framework coverage matrix.
- POST /v1/gap-analysis     Body {findings:[...], frameworks?:[...]} -> remediations ranked by cross-framework leverage.
- POST /v1/risk-delta       Body {prior_findings:[...], current_findings:[...], frameworks?:[...]} -> what changed, why it matters (per-framework control deltas + threshold flips), what to do next (ranked actions, each with a ready-to-send REL AI execution hand-off), executive summary, SHA-256 evidence digests. Deterministic control-mapping arithmetic; no generative step.
OpenAPI: https://app.ai4grc.ai/openapi.json

## Contact
hello@ai4grc.ai

## Notes
All data is processed in United States regions. The free Coverage Check is stateless and does not retain submitted findings.