For small & mid-sized businesses

Know how secure your business is — and prove it.

Your insurer, a major customer, or a regulator is asking. Find out exactly where you stand and get a report that answers them — in less than 24 hours.

Get my free security score →

Free security score across 13 domains · Full report $750 — not the $5,000+ consultants charge

30-day money-back guarantee. If the report doesn't find at least 5 gaps worth fixing, it's free.
CRJ SecurityREPORT

Security maturity report

2/5

🛡 Built on NIST CSF 2.0 & CIS Controls — the frameworks insurers, customers, and auditors recognize

If any of these sound familiar, you need this now — not next quarter.

🛡

Renewing your cyber insurance?

Underwriters now demand proof of your security controls before they'll renew — and most small businesses fail the assessment without realising it. A denied or repriced policy is expensive and slow to fix. Find your gaps before your renewal does.

The most common reason businesses come to us.

📋

A customer sent a security questionnaire

Can't answer it confidently? The deal stalls — and the longer it stalls, the colder it gets.

⚖️

A regulation applies to you

HIPAA, PCI, or privacy law — you need to show where you stand, with documentation.

Built on the standards they actually check

Not our opinion of good security — the frameworks insurers, auditors, and enterprise clients already recognize.

🛡

NIST CSF 2.0

The U.S. national cybersecurity framework, updated in 2024. Your assessment is scored against all six of its core functions — including Govern, the foundation insurers now expect.

CIS Controls v8.1

The prioritized safeguards used worldwide to measure real-world security maturity. Every finding maps to a specific control, so your report speaks the language auditors use.

📄

A report you can defend

13 domains, scored 1–5, with findings and a fix plan in plain English. The kind of document you hand to an underwriter or a client and it holds up.

How it works

1

Take the assessment

65 questions in plain language — about 15–30 minutes.

2

See your score free

Your overall maturity score, plus a breakdown across all 13 security domains.

3

Get your full report

Only if you want it — $750, in less than 24 hours.

See where you stand — free

Your free snapshot shows where you're exposed. The full report tells you what's wrong and exactly how to fix it.

Big companies pay $5,000–$20,000 for an assessment like this. You're a small business — you shouldn't have to.

Your free snapshot

2 / 5
Governance
Access control
Data protection
+ 10 more domains

What larger companies pay $5,000–$20,000

$750 Save thousands

What's included

  • Specific findings for each domain
  • The risks each gap creates
  • Prioritized, step-by-step fixes
  • A 30 / 90 / 365-day roadmap
  • Mapped to NIST CSF & CIS Controls
30-day money-back guarantee. If the report doesn't find at least 5 gaps worth fixing, it's free.
Get my free security score →

No payment now — see your score first.

An assessment you own. No strings.

Buy one report, once. Hand it to your insurer, your biggest customer, your IT team, or your MSP — then we're done. No subscription, no sales calls, no chasing.

No subscription No sales calls No lock-in Yours to keep

How we're different

A tool isn't a strategy.

Most businesses buy security software and assume they're covered. But insurers, auditors, and big customers don't ask which tools you run — they ask who owns security, where your policies are, and whether you can prove it. We take a governance-first approach: we find where your policies, ownership, and documentation are exposed, and hand you the plan to close the gaps.

👁

Clarity

Know exactly where your security stands, in plain language leadership can act on.

Accountability

Clear ownership and defined roles — so security has an owner, not a vacuum.

📄

Documentation

The policies and records insurers, customers, and auditors actually ask to see.

Questions you're probably asking

Isn't a security assessment free everywhere?

Free ones are bait to sell you a platform or an MSP contract — most are short quizzes or automated scans you interpret yourself. This is 65 questions across 13 security domains, done for you, independent, in plain English. A report you own, not a sales funnel.

Will my insurer or customer accept it?

The report is built on NIST CSF 2.0 and CIS Controls — the frameworks they recognize — and it's yours to share with anyone who's asking.

My IT team or MSP already handles security.

They handle the day-to-day. This is the independent assessment they can't give you about their own work — and it's exactly what you hand them to scope what needs fixing.

Is this a formal audit or certification?

No — it's an independent gap assessment built on NIST CSF 2.0 and CIS Controls. It shows exactly where you stand and what to fix. If you need a formal audit later, this is the groundwork that gets you ready for it.

What happens after I buy?

Your full report arrives by email in less than 24 hours — usually sooner. No calls, no follow-ups, no upsell sequence.

What if it's not what I need?

You see your score before you pay anything, and if the report doesn't find at least 5 gaps worth fixing, it's free.

Chadd Jones, founder of CRJ Security

"I've spent over 15 years in IT infrastructure and security, and watched too many small businesses get priced out of simply knowing where they stood. CRJ Security is the honest, affordable assessment I wish I'd been able to hand them."

Chadd Jones

Founder, CRJ Security · 15+ years in IT & security operations

Read why I built this →
🛡 Built on NIST CSF 2.0 & CIS Controls · If it doesn't find 5+ gaps worth fixing, it's free

Find out where you stand today.

Get my free security score →

Free score · full report $750