Kyber Docs · SDVOSB-built automation

Drop-in NIST SP 800-171r2 auditing for your pipelines.

Kyber Docs installs as a single job in GitLab or GitHub CI. Run it once and receive assessor-grade POA&Ms, findings narratives, and executive summaries—crafted by Service-Disabled Veteran engineers who have lived your compliance mission. Use pipeline variables to scope audits to a single control family or the exact requirements your assessor is asking about.

Capabilities that keep you audit ready

Purpose-built for DIB contractors who need rapid, repeatable evidence without exposing sensitive data outside their environment.

Minutes to integrate

Use our prebuilt YAML snippets to add Kyber Docs to GitLab, GitHub Actions, or Jenkins. No new infrastructure, no platform re-architecture.

Full control coverage

Evaluates every 3.x.x requirement in NIST SP 800-171r2—or a subset you specify—using curated prompts, structured evidence checks, and deterministic JSON hand-offs.

Assessor-grade outputs

Deliver SSP updates, POA&M CSV/Markdown, detailed findings, and executive summaries aligned to the CMMC Assessment Guide.

Secure architecture

Run entirely within your boundary with optional Holocron LLM gateway access. Keep every artifact in your repositories and SIEM.

Launch Kyber Docs in three steps

  1. Import our pipeline template and point it at the repositories or infrastructure you already manage.
  2. Set API keys and environment toggles (like `KYBER_CONTROL_SCOPE`) for the controls you want to evaluate this run.
  3. Kick off the job and receive POA&M, findings, SSP updates, and briefing decks in under an hour.

What customers receive

Your first run delivers the evidence package your assessors expect—and every subsequent run updates it with traceable deltas.

System Security Plan

SSP Markdown and PDF aligned to the CMMC Assessment Guide, with citations back to the commits, configs, and scan data Kyber Docs reviews.

Plan of Action and Milestones

Living POA&M CSV mirrored to the repo root plus Markdown narratives with remediation owners, risk scores, and mission impact.

JSON summaries

Structured data for dashboards, partner reporting, and automation—perfect for leadership scorecards or customer assurances.

Run logs

Rich logging for every control, including OpenCode traces, to accelerate troubleshooting and provide audit-ready provenance.

Technical specifications

  • Red Hat UBI 9 minimal base
  • Prebuilt GitLab & GitHub CI templates
  • OpenCode CLI, ripgrep, and jq bundled
  • Strict JSON agent hand-offs
  • Configurable control scoping via environment variables
  • Optional self-hosted inference modes

Ship once, run everywhere your pipelines already exist—with support from Holocron's Service-Disabled Veteran team.