For small & mid-sized businesses
Know how secure your business is — and prove it.
Your insurer, a major customer, or a regulator is asking. Find out exactly where you stand and get a report that answers them — in less than 24 hours.
Get my free security score →Security maturity report
2/5
If any of these sound familiar, you need this now — not next quarter.
Renewing your cyber insurance?
Underwriters now demand proof of your security controls before they'll renew — and most small businesses fail the assessment without realising it. A denied or repriced policy is expensive and slow to fix. Find your gaps before your renewal does.
The most common reason businesses come to us.
A customer sent a security questionnaire
Can't answer it confidently? The deal stalls — and the longer it stalls, the colder it gets.
A regulation applies to you
HIPAA, PCI, or privacy law — you need to show where you stand, with documentation.
Built on the standards they actually check
Not our opinion of good security — the frameworks insurers, auditors, and enterprise clients already recognize.
NIST CSF 2.0
The U.S. national cybersecurity framework, updated in 2024. Your assessment is scored against all six of its core functions — including Govern, the foundation insurers now expect.
CIS Controls v8.1
The prioritized safeguards used worldwide to measure real-world security maturity. Every finding maps to a specific control, so your report speaks the language auditors use.
A report you can defend
13 domains, scored 1–5, with findings and a fix plan in plain English. The kind of document you hand to an underwriter or a client and it holds up.
How it works
Take the assessment
65 questions in plain language — about 15–30 minutes.
See your score free
Your overall maturity score, plus a breakdown across all 13 security domains.
Get your full report
Only if you want it — $750, in less than 24 hours.
See where you stand — free
Your free snapshot shows where you're exposed. The full report tells you what's wrong and exactly how to fix it.
Big companies pay $5,000–$20,000 for an assessment like this. You're a small business — you shouldn't have to.
Your free snapshot
What larger companies pay $5,000–$20,000
What's included
- Specific findings for each domain
- The risks each gap creates
- Prioritized, step-by-step fixes
- A 30 / 90 / 365-day roadmap
- Mapped to NIST CSF & CIS Controls
No payment now — see your score first.
An assessment you own. No strings.
Buy one report, once. Hand it to your insurer, your biggest customer, your IT team, or your MSP — then we're done. No subscription, no sales calls, no chasing.
How we're different
A tool isn't a strategy.
Most businesses buy security software and assume they're covered. But insurers, auditors, and big customers don't ask which tools you run — they ask who owns security, where your policies are, and whether you can prove it. We take a governance-first approach: we find where your policies, ownership, and documentation are exposed, and hand you the plan to close the gaps.
Clarity
Know exactly where your security stands, in plain language leadership can act on.
Accountability
Clear ownership and defined roles — so security has an owner, not a vacuum.
Documentation
The policies and records insurers, customers, and auditors actually ask to see.
Questions you're probably asking
Isn't a security assessment free everywhere?
Free ones are bait to sell you a platform or an MSP contract — most are short quizzes or automated scans you interpret yourself. This is 65 questions across 13 security domains, done for you, independent, in plain English. A report you own, not a sales funnel.
Will my insurer or customer accept it?
The report is built on NIST CSF 2.0 and CIS Controls — the frameworks they recognize — and it's yours to share with anyone who's asking.
My IT team or MSP already handles security.
They handle the day-to-day. This is the independent assessment they can't give you about their own work — and it's exactly what you hand them to scope what needs fixing.
Is this a formal audit or certification?
No — it's an independent gap assessment built on NIST CSF 2.0 and CIS Controls. It shows exactly where you stand and what to fix. If you need a formal audit later, this is the groundwork that gets you ready for it.
What happens after I buy?
Your full report arrives by email in less than 24 hours — usually sooner. No calls, no follow-ups, no upsell sequence.
What if it's not what I need?
You see your score before you pay anything, and if the report doesn't find at least 5 gaps worth fixing, it's free.
"I've spent over 15 years in IT infrastructure and security, and watched too many small businesses get priced out of simply knowing where they stood. CRJ Security is the honest, affordable assessment I wish I'd been able to hand them."
Chadd Jones
Founder, CRJ Security · 15+ years in IT & security operations
Read why I built this →Find out where you stand today.
Get my free security score →Free score · full report $750