Guides we wish someone had handed us. Free tools that show you where you stand. And the writing that explains why MARFI exists in the first place.
The five Trust Service Criteria and the specific controls to implement before your audit, written from inside the room where audits actually pass, not from a marketing department.
Read the checklist →The three CMMC levels, the 110 NIST 800-171 controls across 14 families, and the assessment timeline, written for the small contractor who can't afford to fall off the bid list when the clause lands.
Read the checklist →More guides in the works. HIPAA without theater · Vendor risk without spreadsheets. Want one we haven't written?
Tell us what to write →Score your domain's external security posture against the same checks attackers run first. No login. No email gate. Just your domain in, a real score out.
Score my domain →Drop in a list of your SaaS vendors. Get a one-page heat-map of which ones carry the most third-party risk to your audit posture. Shipping soon.
In developmentTwelve questions, written by people who've sat the audit. See if you'd pass SOC 2 today, where the gaps are, and what to fix first. Shipping soon.
In developmentWhy we built MARFI: the giants buy enterprise security; everyone else gets told to wait. We engineer it once, at the highest standard, and hand it to companies who could never afford a CISO.
Read the manifesto →Founded August 20, 2020, when the world was breaking and the threat surface tripled overnight. The first client we secured in seven days became the bar we've held ourselves to ever since.
Read the story →The exact tools that ship in every Launchpad seat, managed EDR, FIDO2 sign-in, conditional access, DLP, SIEM. Why each one's there. What it replaces. How it's licensed in your per-user price.
Read the specs →The fastest way to get a custom MARFI take on your IT, security, or compliance question is to put it in front of a US-based engineer for forty-five minutes.