Built for security teams who understand that compliance is a means to an end — not the end itself. Every feature in TATER is designed to improve your actual security posture, not just your audit score.
Compliance audit prep shouldn't require an all-nighter. TATER's continuous monitoring means evidence is always collected, every control is always assessed, and your posture is always audit-ready — not just the week before.
Map, assess, and report across all major compliance frameworks from a single platform.
Assess 5,000+ controls across 19 compliance frameworks from a single unified interface. NIST 800-53, ISO 27001, SOC 2, PCI-DSS, HIPAA, CIS Benchmarks, CISA SCuBA, DISA STIGs, and more — with cross-framework overlap detection.
Map controls to NIST 800-53, ISO 27001, SOC 2, PCI-DSS, and HIPAA with granular control mapping and per-org compliance narratives. Track posture across all frameworks simultaneously.
Generate audit-ready responses for 300+ standard controls across NIST, ISO, SOC 2, PCI-DSS, and HIPAA. Context-aware prompts use your actual compliance posture to produce organization-specific narratives.
Generate audit-ready security policies from 11 professional templates with org branding and PDF export. Information Security, Incident Response, Access Control, and more — ready in minutes.
Track historical compliance posture over time with interactive trend charts. Visualize improvement trajectories, identify regressions, and demonstrate progress to auditors and leadership.
Executive-ready dashboards with drill-down analytics. Generate compliance reports by framework, export to CSV/Excel, and track KPIs across your entire environment.
Most organizations face overlapping compliance requirements from multiple regulatory bodies. TATER eliminates the need to manage each framework independently by providing a single unified view of 5,000+ controls spanning CIS Benchmarks, CISA SCuBA, DISA STIGs, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, and HIPAA. When one control satisfies requirements across multiple frameworks, TATER maps those relationships automatically so you only need to collect evidence once.
The platform continuously evaluates your environment against all active frameworks simultaneously. Real-time scoring shows exactly where you stand with each authority, and cross-framework gap analysis reveals shared weaknesses that a single-framework tool would miss entirely.
Auditors expect more than a list of pass/fail results. TATER maps every compliance control to the specific sections of NIST 800-53, ISO 27001, SOC 2, PCI-DSS, and HIPAA where they apply, then lets you attach per-organization compliance narratives explaining your implementation approach for each standard section.
The standards detail view breaks each framework into its constituent sections and shows which TATER controls map to each one, along with the current compliance percentage. AI-powered narrative generation uses your actual scan results and organizational context to draft audit-ready responses.
Writing compliance narratives, answering audit questionnaires, and drafting remediation guidance consumes hundreds of hours per audit cycle. TATER uses AI to generate context-aware responses for over 300 standard controls. Each narrative incorporates your actual compliance scan results, organizational context, and implementation details to produce answers that auditors will accept.
Beyond narratives, the AI assists with remediation guidance by suggesting specific configuration changes based on the control definition and your current environment state.
TATER provides 11 professionally written policy templates covering the most common requirements auditors look for: Information Security, Acceptable Use, Incident Response, Access Control, Data Classification, Business Continuity, Change Management, Vendor Management, Remote Work, Data Retention, and Vulnerability Management.
Each template uses a variable engine with typed placeholders. Generated policies export to branded PDFs with your organization logo, cover page, table of contents, and professional formatting.
Detect vulnerabilities, map adversary techniques, and remediate findings automatically.
1,446+ pre-built remediation scripts execute with one click — 67 for M365 cloud controls and 1,379 for Windows endpoint hardening (W11E, Server 2019/2022/2025). Secure execution via Azure Automation.
1,318 CIS Benchmark remediations for Windows 11 Enterprise and Server 2019/2022/2025 — filter by severity, select failing controls, and trigger automated fixes with one click.
Discover CVEs across your fleet via Microsoft Defender for Endpoint. Cross-reference with CISA KEV catalog and EPSS exploit prediction scores.
Weighted risk scores prioritize remediation by impact, likelihood, and asset criticality. SLA timers track remediation deadlines with escalation warnings.
Map compliance controls to MITRE ATT&CK adversary techniques. Visualize coverage gaps and identify which tactics your controls defend against.
Automatically discover and track 80+ applications across your environment. Integrated endoflife.date version checking flags EOL software before it becomes a gap.
Detect configuration changes between scan cycles in real time. Drift alerts notify you when controls regress from Pass to Fail so you can respond before your next audit.
Prioritize vulnerabilities using FIRST EPSS probability scores. Focus remediation on CVEs most likely to be exploited in the wild, not just the highest CVSS.
Eight pre-built incident response playbooks guide your team step-by-step through security events with decision trees and escalation paths.
Curated step-by-step rollouts for high-leverage initiatives — Conditional Access for compliant devices, MFA, DMARC enforcement, BitLocker, PIM. Verification and rollback notes at every step. Per-org progress tracking. Reviewed periodically for accuracy.
Wikipedia-style wiki shared across every TATER organization. Generic process knowledge — troubleshooting playbooks, diagnostic decision trees, remediation methodology, vendor primers, error-code translations. Searchable, contributable by any Auditor+, with a content validator that prevents organization-specific data leakage.
TATER closes the loop with 1,446+ pre-built remediation scripts that fix failing controls directly from the platform. A single click triggers a secure execution pipeline through Azure Automation, complete with user confirmation, parameter review, and full audit trail logging.
The system covers two domains: 67 M365 cloud scripts fix Defender, Exchange Online, SharePoint, Entra ID, Power BI, Purview, and CISA SCuBA controls via the Graph API. 1,379 Windows endpoint scripts harden Windows 11 Enterprise and Windows Server 2019/2022/2025 machines against CIS Benchmark controls via local registry, secedit, auditpol, and firewall policy.
TATER's Endpoint Hardening Plan gives you a complete, actionable checklist of CIS Benchmark controls for every Windows platform in your environment — with one-click automated remediation for each.
The plan pulls scan results from the TATER agent running on your endpoints, shows each control's current Pass/Fail/Not Scanned status, and lets you filter by severity (Critical/High/Medium/Low) or status. Select multiple failing controls and trigger all their remediations in batch — scripts run through Azure Automation and report results back in real time.
TATER integrates with Microsoft Defender for Endpoint to pull device inventories, CVE data, and software catalogs directly into your compliance platform. Every vulnerability is automatically cross-referenced against the CISA KEV catalog. EPSS scores help prioritize remediation by real-world exploit likelihood.
The endpoint security dashboard provides tabbed views for devices, vulnerabilities, CISA KEV alerts, installed software, security recommendations, and Intune compliance status.
TATER assigns weighted risk scores to every control based on impact severity, likelihood of exploitation, and asset criticality. SLA tracking adds accountability: critical findings get 24-hour SLAs, medium-risk items get 30 days. Escalation warnings appear as deadlines approach.
Quantitative risk metrics including ALE, SLE, and ARO transform subjective risk assessments into concrete financial figures for executive communication.
TATER bridges compliance and threat intelligence by mapping controls directly to ATT&CK tactics and techniques. The coverage view shows which tactics are addressed by your current posture and where gaps exist, allowing you to prioritize based on real-world threat intelligence.
TATER automatically discovers applications running across your environment by analyzing endpoint scan data. Every discovered application is checked against the endoflife.date API for version lifecycle status. EOL software is flagged immediately.
TATER includes 8 pre-built incident response playbooks that provide structured, step-by-step guidance for the most common security scenarios. Each playbook follows industry-standard methodology with clear phases for preparation, detection, containment, eradication, recovery, and lessons learned.
Implementation Guides are curated, step-by-step rollouts for the security initiatives every M365 organization eventually needs to do — but rarely has documented end-to-end. Each guide is structured for project-style execution: prerequisites, ordered steps with explicit verification at each one, rollback notes for when something doesn't go as planned, and links to the controls and frameworks the initiative advances.
p=reject
TATERpedia is a Wikipedia-style wiki shared across every TATER organization. It's the platform's collective brain — generic process knowledge that every customer benefits from but no single org should have to write from scratch.
13 purpose-built GRC modules covering the full governance lifecycle — from risk registers and audit management to change control and regulatory tracking — integrated with the core compliance engine.
Central risk catalog with quantitative ALE scoring, treatment plans, and a 5x5 likelihood-impact heat map. Risks link bidirectionally to compliance controls.
Plan, execute, and track audits. Manage findings from discovery to resolution, collect evidence from control owners, and maintain an audit calendar.
Inventory data assets with classification labels, map data flows, conduct privacy impact assessments, and enforce retention policies.
Document BCP/DR plans with RTO/RPO targets, conduct business impact analysis, and track test exercises with version-controlled procedures.
Structured approval workflows for risk acceptance with compensating controls, multi-level approval chains, and automatic expiry enforcement.
Curated feed of framework updates with impact assessments, affected controls analysis, and compliance deadline tracking.
Campaign management with target audiences, completion tracking, phishing simulation result import, and training compliance reports.
Automated test scheduling with reusable test procedures, historical results with trend charts, and automatic gap detection from failures.
Periodic user access certification campaigns. Review privileged roles, service accounts, and group memberships with approve/revoke workflows and audit-ready evidence.
Unified timeline view of 18 event sources — access reviews, control tests, exception expiries, BCP/DR drills, training deadlines, vendor assessments, audit milestones, override expiries, change implementation dates, policy review cycles, subscription renewals, tenant credential expiries, daily endpoint scans, and more — in one calendar with iCal feed.
Multi-phase remediation planning with drag-and-drop control assignment, cascading phase durations, optional Phase 0 discovery, and MSP billing columns for service delivery tracking.
Third-party risk tracking with vendor profiles, risk tiers, contract management, SLA monitoring, compliance questionnaires, and assessment workflows.
Visual framework builder with drag-and-drop domains, custom threshold logic, JSON import/export, and cross-mapping to standard frameworks.
Structured change request lifecycle with automatic approval routing. Low and medium impact changes auto-approve; high and critical require OrgAdmin sign-off. Full audit trail on every decision.
TATER goes beyond compliance scanning with 13 purpose-built GRC modules. The Risk Register provides a central catalog with 5x5 heat map visualization, quantitative ALE scoring, and four treatment options. Exception and waiver management handles structured approval workflows with compensating control documentation.
Audit Management supports the full lifecycle from planning through finding resolution. Business Continuity and Disaster Recovery modules maintain versioned plans with RTO/RPO tracking. Data Classification inventories assets with sensitivity labels. Security Awareness Training tracks campaigns and completion rates. Control Testing automates scheduled evaluations.
The Compliance Roadmap translates your current scan results into a prioritized, multi-phase remediation plan. Controls are assigned to phases with estimated effort, owner, and completion targets. An optional Phase 0 Discovery automatically collects unscanned and manual-review controls for assessment before remediation phases begin.
Phase durations cascade automatically: changing one phase's timeline shifts all subsequent phases, eliminating manual date math. MSP organizations see additional fee and billing columns on each phase card, making it straightforward to scope and price remediation engagements for clients.
TATER includes purpose-built AI capabilities that go well beyond chat: an agentic compliance analyst, autonomous evidence collection, MCP server integration, and living network documentation that builds itself.
An agentic AI assistant with 12 TATER-specific tools. It reads your scan data, creates risk acceptances, assigns controls, triggers remediations, and documents evidence — pausing to confirm critical actions with a human-in-the-loop design.
The TATER Agent (Go binary) includes a browser-based evidence collector that navigates Microsoft admin portals, takes screenshots, and documents findings for Manual Review controls — automatically.
Connect Claude Desktop or Claude Code to TATER via the Model Context Protocol. 61 tools expose your compliance data, risk register, controls, and change queue directly to your AI assistant.
Every AI agent interaction automatically adds to a searchable knowledge base — infrastructure configs, CA policies, mail flow, endpoint settings, and resolved support issues. The library gets more accurate with every control investigated and every help desk ticket resolved.
Manual Review controls with known default postures are automatically predicted as pass or fail based on platform defaults — shrinking the unknown compliance surface and surfacing hidden risk.
A lightweight Go binary for Windows, Linux, and macOS. Windows runs as a service with system tray, local dashboard (Edge app mode), auto-update, and DPAPI config encryption. Linux daemon (RHEL/Ubuntu) includes 20 built-in security controls covering firewall, SSH hardening, disk encryption, SELinux/AppArmor, auditd, kernel hardening, and more — available as amd64 and arm64 binaries. macOS tray application for Intel and Apple Silicon with browser-based evidence collection.
The AI Compliance Analyst is an agentic assistant powered by Claude. Unlike a simple chat interface, it operates as an autonomous agent with 12 TATER-specific tools it can invoke in sequence to complete multi-step tasks. It reads your scan results, identifies patterns, and proposes actions — creating risk acceptances, assigning controls to team members, adding evidence comments, and triggering remediations.
A human-in-the-loop design ensures the analyst always pauses and asks before taking consequential actions. Critical and high-severity findings require explicit user confirmation before an override or remediation is triggered. The analyst surfaces its reasoning at every step so you understand what it's doing and why.
AI_ANALYST_MODEL environment variable
The Evidence Agent is built into the TATER Windows endpoint agent (Go binary). It navigates Microsoft admin portals using a real browser (via chromedp), waits for the user to sign in, then systematically steps through Manual Review controls — taking screenshots, analyzing them with Claude, and documenting findings as evidence comments in TATER.
A polling loop in the agent checks for pending evidence jobs every 15 seconds. PowerShell-based controls run directly via the existing scanner pipeline. All findings are posted to the Comments API with source: 'evidence-agent' for full traceability in the audit log.
TATER exposes its compliance data via the Model Context Protocol (MCP) in two deployment modes: an HTTP MCP endpoint at /api/mcp for remote connections (compatible with claude.ai), and a local stdio MCP server for Claude Desktop and Claude Code.
61 tools give your AI assistant direct access to scans, controls, the risk register, overrides, people, assignments, change requests, framework narratives, remediation history, community stats, evidence jobs, config documentation, and manual control verification. The first tool any agent must call is get_org_context to confirm which organization it is operating in before taking any action.
Agents are instructed to document proactively: whenever they encounter configuration data, infrastructure topology, or security findings, they call upsert_config_doc automatically — building your org's knowledge base as a natural byproduct of compliance work, not as a separate task.
X-Organization-Id header
get_org_context session initialization prevents cross-org mistakes
Network documentation is the single most neglected IT discipline. Most organizations discover what their network actually looks like during an incident — when it's too late. TATER changes this by making documentation an automatic byproduct of compliance work rather than a separate effort.
Every AI agent interaction adds to a structured, searchable configuration knowledge base. When an agent remediates a control, it documents the before/after state. When it encounters a firewall dependency, it records it. When it analyzes scan results, it captures the posture snapshot — all without being asked.
This knowledge base is not just for humans. Future AI agents read existing docs before making recommendations. If a Palo Alto NGFW is documented as inspecting traffic on a subnet, the next agent to touch Global Secure Access settings will automatically read that dependency and build a recommendation that avoids the conflict — without requiring the user to explain the network topology again.
Every doc follows a consistent template: Current State, Configuration Details, Infrastructure Dependencies, Known Conflicts, Recommended Integration Settings, and Related Controls. The "Recommended Integration Settings" section is specifically designed to be read by AI agents when making configuration recommendations for adjacent systems.
Every time Claude resolves a support issue inside TATER, the resolution is written back into the library with the root cause, the fix, and any affected configuration context. The next time the same issue surfaces — from a different user, on a different endpoint, six months later — Claude already has the answer. Escalations to senior engineers decrease. Repeat tickets stop recurring. And the institutional knowledge stays in the platform, not in someone's head.
The library does not need to be maintained. It is a byproduct of using TATER with Claude. The more compliance work, investigations, and support resolutions run through the platform, the more accurate and useful the documentation becomes.
Bring your compliance data into Microsoft's productivity ecosystem without writing a line of code.
scan.completed event fires every time a scan finishes, with pass/fail counts and compliance rate as trigger data
https://api.tatersecurity.com/api/reports/powerbi?dataset=controls, add x-api-key header
X-TATER-Event-Type: scan.completed
Integrate with your existing tools and present compliance data to every audience.
16 built-in integrations: SIEM forwarding via syslog (CEF) and HMAC-signed webhooks, Teams, Slack, email alerts, and ticketing system connections.
Oversee multiple client organizations from a single platform. Three-tier client access (Monitor, Operate, Manage), cross-org dashboards, side-by-side comparison, and white-label branding options.
Groups, feature-level permission toggles, and simplified view modes. Tailor the experience for executives, auditors, and technical staff.
Publish a public-facing Trust Center for your customers. Share real-time compliance status, certifications, and security practices transparently.
Connect Power BI directly to live TATER data for custom dashboards and executive reports. Automate compliance workflows in Power Automate with a dedicated custom connector, triggers, and actions.
Native, ready-to-run scanners for the four core Microsoft surfaces — Entra ID (12 checks: legacy auth, MFA, security defaults, PIM, CA policy count, sign-in risk, GA count), Defender for Endpoint (8 checks: device onboarding, AV/EDR, critical CVEs, exposure score, sensor health), Intune (8 checks: compliance policies, ASR, BitLocker, Windows Update rings, MDM coverage), and Azure (10 checks: Defender for Cloud secure score, Key Vault, NSG open ports, Activity Log alerts, RBAC owners). 38 checks total, no extra credentials needed beyond the existing tenant connection.
Cloud Graph scan now covers SPF / DKIM / DMARC records (DNS-resolved), Customer Lockbox, external calendar sharing restrictions, Modern Auth, external auto-forwarding block, plus Azure log infrastructure: Entra ID diagnostic settings forwarded to Log Analytics or Event Hub, and 365-day log retention on the workspace. CISA SCuBA-aligned and runs on every cloud scan.
Export scan results, control lists, vulnerability data, and compliance reports to CSV and Excel formats for your existing workflows.
Publish a lightweight compliance score widget on your website or customer portal with real-time data from your TATER dashboard.
Automated scans detect configuration drift in real time. Forward events to your SIEM via syslog (CEF) or HMAC-signed webhooks.
Set up cloud compliance scans in three guided steps. The wizard walks through app registration, permissions, and scheduling.
Intelligent deduplication at upload ensures efficient storage while maintaining full scan history and drift comparison capabilities.
TATER offers 41 integrations spanning notification channels, SIEM platforms, ticketing systems, and identity providers. SIEM integration supports syslog (CEF format) and HMAC-signed webhooks. Notification rules configure which events trigger alerts and where they go.
TATER was built from the ground up as a multi-tenant platform with strict data isolation. The MSP portal provides a cross-organization dashboard and streamlined client onboarding with organization templates. Organizations flagged as MSPs unlock additional operational controls: fee and billing columns in compliance roadmaps, white-labeling controls, and service delivery metrics across the client base.
The MSP flag (isMsp) is set by a SuperAdmin on any organization. Once enabled, that org's admins see billing context in roadmap phases and can configure client-facing white-label branding independently from internal views.
Three-tier client access controls precisely what MSP staff can do in each client organization. Tiers are org-to-org relationships managed from the MSP Portal: Monitor (Tier 1) grants read-only access to dashboards, scans, and reports; Operate (Tier 2) adds the ability to manage compliance workflows including overrides, roadmaps, assignments, and remediations; Manage (Tier 3) provides full organization administration including branding, API keys, and tenant credentials.
TATER provides granular control over what each user sees through groups, feature-level permission toggles, and simplified view modes. Feature master switches at the organization level let OrgAdmins enable or disable entire capability areas.
TATER is the only compliance platform with built-in gamification, community leaderboards, and achievement systems — keeping your team engaged and motivated to maintain strong security posture.
Every team member gets a customizable profile with a unique nickname, avatar, bio, and accent color. Co-workers see each other's real names alongside nicknames for human context.
Team members earn XP from 19 action types: scans, remediations, evidence comments, risk acceptances, policies, control assignments, evidence exports, audit snapshots, auditor tokens, AI Analyst sessions, plus governance creators (risks, exceptions, change requests, vendors, audits, BCP/DR plans, training campaigns, policy approvals) and achievement bonuses. Progress through 7 levels from Rookie to Legend.
14 leveled badges that recognize the people doing GRC work — Risk Logger, Exception Handler, Change Steward, Vendor Tracker, Audit Lead, BCP Planner, Training Coordinator, Policy Approver — each with first-create, 10x, and 25x milestone tiers. Auto-awarded as records are created across the GRC module suite.
User achievements covering every compliance workflow — from First Scan to Evidence Exporter to AI Analyst. Includes secret achievements that reward deep platform mastery. Bonus XP awarded per unlock.
Organizations earn collective achievements for milestones like first scan, high compliance rates (80%/90%/95%), team size growth, multi-framework adoption, and successful remediations. A motivating shared goal for the whole team.
Real-time org leaderboards rank your team across six categories: XP, scans completed, remediations triggered, evidence comments, policies created, and achievements unlocked. Org leaderboards let you compare across your entire MSP fleet. Customizable profiles with avatars and nicknames bring personality to the rankings.
A dedicated community hub showing your personal level, XP bar, recent achievements, org milestones, and a live mini-leaderboard — all in one place. The more you work, the more your dashboard reflects your expertise.
Every TATER user gets a rich profile: a unique nickname (2–32 characters, globally unique within the tenant), a custom avatar (upload a photo or generate a randomized icon), a short bio, and an accent color. Real names are shown to co-workers in a "nickname (Real Name)" format, giving both human warmth and professional context — while outside your org, only the nickname is visible.
Team members earn XP automatically as they do real compliance work. No artificial tasks, no gamification theater — XP maps directly to platform value. Running scans, remediating findings, documenting risk acceptances, writing policies, adding evidence comments, and using the AI analyst all earn XP. Unlocking achievements awards bonus XP on top.
Achievements reward meaningful platform milestones. User achievements cover individual compliance workflows, while org achievements recognize collective team milestones. Each achievement awards bonus XP and is permanently recorded with an earned date. Progress trackers show how close you are to the next unlock. Secret achievements remain hidden until earned.
Leaderboards make team progress visible and motivating. Filter by six categories and toggle between individual and org views. A podium display highlights the top three, with full ranked lists below. Your current rank is always shown — even if you're outside the top 25. For MSPs, org leaderboards let you see which client organizations are most actively using the platform.
TATER's compliance catalog, scanning engine, and integrations are sovereign-cloud-aware. Customers in regulated environments get GCC High and DoD-specific remediation guidance on every applicable control today, and have a clear path to a private TATER Gov deployment when their accreditation boundary requires it.
Every catalog control can carry a Government Cloud Guidance block with sovereign-cloud-specific remediation steps, portal URLs, Graph endpoints, and PowerShell environment flags. SuperAdmins maintain it via the catalog editor; sovereign-cloud admins see it inline in the control detail panel.
Mark a tenant credential as Commercial / GCC / GCC High / DoD and TATER's scanRun engine automatically picks the right Graph, AAD, and ARM endpoints. No code changes per customer; one configuration toggle per tenant.
For GCC High and DoD customers requiring TATER itself to run in Azure US Government, we partner directly. Typical engagement: 4–8 weeks from signed SOW to first scan, with FedRAMP Moderate Equivalency, ITAR / EAR / CMMC attestations as scoped to your accreditation boundary.
You already own Tenable, CrowdStrike, Splunk, Okta, ServiceNow, and 8–15 other security and IT tools. None of them own M365 SaaS configuration compliance, continuous endpoint hardening at the registry/policy level, or the GRC workflow that wraps it. That is the gap — and it is where TATER lives. The Complementary Stack playbook maps each major tool category, what your existing investment does well, and the specific layer TATER adds next to it.