# FortMesa — Full Site (Markdown) > Cybersecurity enablement platform that helps service providers and organizations formalize cyber compliance, achieve regulatory certainty, and rightsize security investments. FortMesa.com is a JavaScript single-page application. For AI agents and crawlers that do not execute JavaScript, every page is mirrored as plain Markdown: request any page's path with a `.md` suffix (for example, `/product` -> `/product.md`). Each entry below links directly to that Markdown mirror. The entire site as a single document is at /llms-full.txt. --- # FortMesa — Formalize Cyber Compliance Formalize Cyber Compliance. ### Uncertain Security is a Business Liability ### Items - **Informal Cyber** — When cybersecurity guidance is perceived as opinion, it is easily dismissed. Professionalize your security by grounding it in a recognized framework, making it a verifiable business requirement with clear accountability. - **Denied Claims** — Insurers no longer rely on attestations alone. Coverage decisions increasingly require objective, independent validation of security controls and risk posture. - **Unverified Security Posture** — Without standardized evidence, executives are forced to rely on assumptions. We deliver verifiable assurance aligned with business and regulatory expectations. _THE JOURNEY_ ### The Lifecycle of Certainty ### Phases - **Discover** — We review your regulatory environment, customer mandates, and insurance drivers to align with your strategic plans. - **Assess** — Map your technical environment against industry standards to identify the exact gaps blocking your goals. - **Remediate** — Execute rightsized actions to satisfy mandates, eliminating technical waste and optimizing resource allocation. - **Sustain** — Establish a continuous monitoring practice to maintain an attestation-ready posture indefinitely. A verifiable destination for your cyber compliance journey. ### Verify My Regulatory Certainty Find Your Path What best describes how I interact with cybersecurity today? Which best describes your situation? ### Root Options - **I serve clients** — I am an MSP, Consultant, or Advisor helping my clients move from technical assumptions to objective regulatory certainty. - **I secure my own business** — I am a Business Leader or IT Director formalizing internal compliance to win more deals and secure my company's future. #### Partners - **I want to build a practice** — I want to launch and scale a high-margin security compliance arm for my business. - **I want to refer to experts** — I want a trusted partner to solve my clients' audits and insurance requirements. #### Endusers - **I have internal IT or an MSP** — I already have a technical team in place managing my systems and infrastructure. - **I have no dedicated tech team** — I do not have a technical department and I need a guided path to compliance. _The Strategic Authority Upgrade_ ##### From IT Vendor to Compliance Authority I want to transition into a high-margin strategic advisor and lead my clients' boardroom. Launch My Compliance Practice /managed-service-partners _From Advice to Mandate_ ##### The Expert Authority Extension I want to turn my security advice into funded mandates through independent validation. Explore Referral Partnership /agency-partner _Bridging My Executive Trust Gap_ ##### Validating My IT and MSP Performance I need independent proof to secure executive budget approval for my security roadmap. Unlock My Security Budget /co-managed-msp _Winning with Certainty_ ##### Establishing My Cyber Credibility I need to meet customer security requirements and win more business without technical confusion. Win More Enterprise Contracts /managed-security ### Choose the Right Compliance Destination ### Destinations - **Bridging the Executive Trust Gap** _(Bundle & Sell Advisory)_ — Secure executive approval with the high-credibility, third-party proof required to formalize your security investments. — [Build a practice](/managed-service-partners) - **Referral Agency** _(Refer & Protect Clients)_ — Earn commissions by solving your clients' audit pain without adding technical overhead to your staff. — [Register a deal](/agency-partner) - **Internal IT** _(Formalize Your Roadmap)_ — Empower your internal team with enterprise-grade GRC tools and independent risk verification capabilities. — [Enterprise hub](/co-managed-msp) - **Non-IT Business** _(Managed Cyber Compliance)_ — Get matched with a vetted FortMesa Certified Partner who will handle your entire compliance journey. — [Find a partner](/managed-security) ### Deliver Compliance and Build Trust with Security ### Frameworks - **CIS Controls** — /compliance/cis-controls - **ISO 27001** — /compliance/iso-27001 - **CMMC** — /compliance/cmmc - **FedRAMP** — /compliance/fedramp - **HIPAA** — /compliance/hipaa - **NIST CSF** — /compliance/nist-csf - **NIST SP 800-53** — /compliance/nist-800-53 - **SOC 2** — /compliance/soc-2 - **View more frameworks** — /compliance ### Company Recognition ### Cards FortMesa supports the **GTIA Cybersecurity Trustmark** readiness path as an approved GRC platform. [Read the case study](https://land.fortmesa.com/download-elevating-service-providers-security-standards) GAN Accelerators only accept about **3% of applications** that come their way from startups. *FORBES:* **"Mach37 — 'The granddaddy' of cybersecurity accelerators."** Spring 2019 cohort graduate. _Products_ #### Scale Revenue and Compliance with One Platform _Continurisk GRC & Riskchain VM_ Help clients achieve strategic cybersecurity and compliance. Align frameworks with real-time risk and remediation. One platform connecting controls, risk, and action. /product Learn more about Continurisk _Operations Center_ Deliver consistent cybersecurity outcomes at scale. Centralize and coordinate compliance operations. A single command surface for every engagement. /operations-center Learn more about Operations Center _Services_ #### Professional Services for Trusted Service Delivery _Compliance Advisor — Managed 365 Service_ Scale advisory services and build client trust. Provide expert GRC reviews on a recurring basis. Embedded advisory that compounds account value. /certified-assessments-and-advisory Learn more about Compliance Advisor _Assess+Monitor — External Risk Assessment_ Guide decisions with credible, independent insight. Perform formal assessments and continuous scanning. Defensible evidence executives and insurers accept. /certified-assessments-and-advisory Learn more about Assess+Monitor _GRC Growth Engine_ Turn compliance demand into recurring revenue. Equip your team with a proven CaaS growth framework. A repeatable motion that productizes compliance. /grc-growth-engine Learn more about GRC Growth Engine ### Marketplace Built to Find Your Ideal Vendor ### Vendors - **Nodeware** - **Phin** - **IGI** - **Sotero** - **Senteon** [View all marketplace](/marketplace) ### What Our Partners Are Saying ### Items - **Partner, First Tracks Technology** — We were pretty good at patching, antivirus and EDR and were just starting to get intimidated by compliance and frameworks. A trusted advisor pointed us toward FortMesa... it was an immediate win. - **CEO, Infoprotect UK** — FortMesa plays a crucial role in supporting Infoprotect's business strategy by delivering adaptive vulnerability management and cyber risk assessments. This enables Infoprotect to ensure our clients stay ahead of threats and maintain compliance with industry standards. - **Partner, RIZQ** — At RIZQ we leverage FortMesa's position of trust in the industry to provide clarity around cyber security compliance issues. They have been instrumental in driving the value proposition for outsourcing advanced cyber security monitoring and administration. ### Resources to Navigate Cybersecurity Standards and Compliance Read Article ### Items - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **CMMC Compliance: Key Updates and What It Means** — Stay informed about CMMC compliance updates and learn how to protect sensitive data while securing government contracts in the evolving cybersecurity landscape. — https://land.fortmesa.com/cmmc-compliance-key-updates-and-what-it-means - **SOC 2 Compliance Essentials** — Learn SOC 2 compliance strategies to boost data security, streamline audits, and build client trust with automation and NIST CSF alignment. — https://land.fortmesa.com/soc-2-compliance-essentials ### Win Client Security. Protect your opportunity. Lock in your client opportunity, co-sell with our experts, and earn margin on compliance and GRC services. For Partners [Speak With an Expert](/demo) ## Partner Program ### Partner Program Simplify Cybersecurity Service Delivery [Get Started](https://land.fortmesa.com/partner-application/1) [Book Demo](/demo) --- # Product ## Hero Labels Formalize Compliance top-4 -left-4 md:-left-16 Meet Requirements top-4 -right-4 md:-right-16 Rightsize Investments bottom-4 -left-4 md:-left-12 Regulatory Certainty bottom-4 -right-4 md:-right-12 ## Reactive Traps - **Regulatory Confusion** — Drowning in complex, ever-changing cyber compliance landscapes and frameworks without a clear path forward. - **Third-Party Pressure** — Risking lost contracts or denied insurance coverage due to strict, unavoidable security mandates. - **Blind Spending** — Wasting budgets on reactive tools without knowing if they actually reduce risk or meet compliance needs. ## Workflow Steps - **Discover Hidden Vulnerabilities** — Move past chasing automated alerts and uncover the risks that actually matter to your clients. - **Assess Business Context Risk** — Apply deep, human-centric business context to prioritize what truly impacts operations. - **Align Remediation with Frameworks** — Recruit key stakeholders and map every action to recognized control families and standards. - **Act on Automated Roadmaps** — Transform abstract framework requirements into clear, sequenced delivery for your team. ## Platform Cards - **Goal-Driven Roadmaps** — Tie every control to measurable business outcomes — not just checkbox tasks. - **Real-Time Scanning** — Continuous vulnerability detection unified with your compliance posture. - **Scalable Deliverables** — Repeatable, white-labeled artifacts engineered for high-margin delivery. ## Vm Features - **Internal and external network scanning** - **Enriched vulnerability insights** - **Integrated Windows patching** ### Defense & Infrastructure #### Frameworks - CMMC - FedRAMP - NIST 800-171 ### Healthcare & Medical #### Frameworks - HIPAA - HITECH - NIST CSF ### Financial Services #### Frameworks - GLBA - SOC 2 - PCI-DSS ### SME & MSP Baselines #### Frameworks - CIS Controls - Cyber Essentials ### Custom Frameworks #### Frameworks - Custom Mappings - Proprietary Policies ## Future Features - **Profitable GRC Operationalization** — Turn governance, risk, and compliance into a repeatable, margin-rich service line. - **Securing Cyber Insurability** — Meet underwriter mandates with auditable, evidence-backed control posture. - **Elevating Industry Standards** — Lift the floor for the channel by codifying defensible baselines. - **Scaling vCISO & CaaS Practices** — Equip lean teams to deliver fractional CISO outcomes at fleet scale. ## Resources - **Vulnerability Management 101** — The foundational playbook for continuous, business-aligned VM. · **Tag:** Guide — https://land.fortmesa.com/vulnerability-management-101 - **Cyber Insurance Blind Spots** — Where carriers say no — and how to close the evidence gap. · **Tag:** Livestream — https://www.youtube.com/live/ODLx4G9lPxY?si=03sP7kKi-wpMrD3d - **Enhanced Services and Profitability Through Strategic Partnership** — How automation streamlined IT security tasks and increased revenue by 25–30%. · **Tag:** Case Study — https://land.fortmesa.com/download-enhanced-services-and-profitability-through-strategic-partnership --- # Continurisk GRC & _Products_ ## Continurisk GRC & Riskchain VM Shield Continuous risk management and vulnerability monitoring built to formalize your compliance posture and right-size every security investment. ### Risk doesn't pause — neither should your GRC program. Point-in-time audits leave gaps that insurers and regulators no longer accept. Continurisk delivers a living risk register that maps directly to the controls and frameworks your business is held accountable to. ### Bullets - Replace static spreadsheets with continuous, evidence-backed risk tracking - Satisfy insurer attestations and renewal questionnaires with a single source of truth - Right-size investments by tying every control to a measured business risk - Stop firefighting findings — close gaps in a prioritized, defensible workflow ### Continuous, connected, and audit-ready by design. Continurisk pairs a structured GRC engine with Riskchain — a vulnerability monitoring layer that streams real signals into your control posture. ### Steps - **Connect** — Onboard your assets, controls, and frameworks through guided templates aligned to NIST, CMMC, SOC 2, HIPAA and more. - **Monitor** — Riskchain VM continuously scans, ingests, and correlates findings into the risks and controls that actually matter. - **Prove** — Generate evidence-backed reports for insurers, auditors, and clients on demand — no last-minute scramble. ### A unified GRC platform with vulnerability intelligence baked in. Everything required to formalize compliance and demonstrate certainty — without stitching together five tools. ### Features - **Multi-framework controls** — NIST CSF, CMMC 2.0, SOC 2, HIPAA, ISO 27001, PCI-DSS — mapped once, satisfied across all. - **Riskchain VM** — Continuous vulnerability monitoring tied directly to controls and risk scores. - **Live risk register** — A real-time view of inherent and residual risk, scored to your appetite. - **Audit-ready evidence** — Auto-collected artifacts and exportable reports for any auditor or insurer. - **Right-sized roadmap** — Prioritize spend on the controls that actually move risk down. - **Renewal automation** — Pre-populate insurer questionnaires and renewal evidence in minutes. --- # Operations Center _For IT Service Providers_ The Command Center for . Scale high-margin compliance offerings across your entire client base with a single, unified platform. Start Scaling Today /demo _The Why_ Stop relying on ad-hoc projects. Use a proven framework to overcome buying resistance, standardize delivery, and turn compliance into scalable profit. Technical execution isn't the bottleneck. Packaging and selling it is. Ad-Hoc Projects Packaged Service Scalable Margin _The How_ Replace fragmented tools with one operational framework. Combine powerful GRC templates with an integrated growth engine to turn data into proof that drives closed deals and seamless deployments. Bridge the gap between service delivery and sales . ### Bullets - Translate frameworks into repeatable packages. - Fuel pre-sales with unlimited discovery licenses. - Drive upsells directly from gap analyses. The Old Way Fragmented & Manual Time lost to disjointed tools and stalled sales. The Command Center Unified & Automated Standardized delivery and integrated growth. _The Platform_ Everything you need to operationalize and scale, built into one multi-tenant platform. A Complete Business System ### Pillars - **Centralized Oversight** — A single pane of glass for all GRC, VM SLAs, and Trustmark attestations across dozens or hundreds of clients. - **Service Packaging** — Define your tiered services once using the Profile Builder, then deploy them consistently everywhere. - **Sales Enablement** — Built-in pre-sales workflows and unlimited discovery licenses generate tangible ROI by accelerating closed won deals. ## Cta Stop managing compliance manually. Start scaling a profitable security practice today. Ready to Operationalize ? Schedule a Demo /demo --- # Compliance Advisor — _Services_ ## Compliance Advisor — expert-led guidance. UserCheck Senior compliance practitioners who help you interpret frameworks, scope obligations, and build a defensible program — without the Big 4 price tag. ### Frameworks don't read themselves. Most teams don't fail compliance because of bad intent — they fail because translating regulation into operational controls is hard. A FortMesa Compliance Advisor closes that gap with experience and pragmatism. ### Bullets - Interpret obligations in the context of your business model - Avoid over-engineering controls you don't actually need - Get unstuck on the gnarly questions auditors and insurers ask - Build a program leadership and the board can defend ### An advisor on your bench, not a one-off engagement. Compliance Advisor is a continuous service — your advisor learns your environment, prepares you for renewals, and shows up when scope changes. ### Steps - **Discover** — Map your obligations, business model, and current control state in a structured intake. - **Plan** — Receive a prioritized, right-sized roadmap aligned to insurer and regulator expectations. - **Execute** — Ongoing office hours, reviews, and milestone checkpoints keep momentum and audit-readiness. ### Strategic guidance with operational follow-through. Hands-on access to senior practitioners who have built and audited compliance programs across regulated industries. ### Features - **Framework selection** — Choose the right frameworks based on customer, insurer, and regulatory drivers. - **Policy authoring** — Tailored policies that match how you actually operate. - **Gap assessments** — Honest, scoped reviews of where you are vs. where you need to be. - **Audit prep** — Walkthroughs, evidence reviews, and rehearsal for the real thing. - **Office hours** — On-demand expert time for the questions that don't fit a ticket. - **Attestation support** — Help with insurer questionnaires, customer security reviews, and RFPs. --- # Assess+Monitor — _Services_ ## Assess+Monitor — always-on assurance. ScanSearch Continuous assessment and monitoring services that maintain your security posture and meet evolving insurer requirements. ### Annual assessments aren't enough anymore. Insurers, customers, and regulators increasingly demand evidence of continuous control operation — not a single moment in time. Assess+Monitor delivers exactly that. ### Bullets - Catch control drift before it becomes an audit finding - Provide insurers with continuous evidence of control operation - Replace expensive annual assessments with a continuous service - Demonstrate due care to customers, regulators, and the board ### A managed service that keeps you assessed and audit-ready. Our team operates the platform on your behalf — running assessments, validating evidence, and surfacing what needs your attention. ### Steps - **Baseline** — Establish your current posture across the frameworks that apply to you. - **Operate** — We run scheduled assessments, validate evidence, and triage findings. - **Report** — You receive monthly posture reports and on-demand evidence for insurers and customers. ### Continuous control assurance — delivered as a service. Everything you need to prove ongoing compliance, without staffing the work yourself. ### Features - **Continuous monitoring** — Scheduled scans and control checks across your environment. - **Finding triage** — Prioritized, contextualized findings — not raw scanner output. - **Evidence validation** — Our team reviews and signs off on collected evidence. - **Posture visibility** — Live dashboards and monthly executive reports. - **Renewal prep** — Insurance and audit renewals prepared throughout the year. - **Trend analytics** — See how your posture improves quarter over quarter. --- # GRC Growth Engine https://land.fortmesa.com/download-grc-growth-engine-brochure ## Frameworks - NIST CSF - SOC 2 - HIPAA - CMMC ## Bottleneck Stats - **Avg. Loss** · **Value:** $2.1M - **Untapped** · **Value:** 73% - **Risk Carried** · **Value:** 100% ## Bottleneck Cards - **Overwhelming Standards** — Navigating disjointed industry and insurer requirements costs too many billable hours. - **Regulatory Confusion** — Meeting multiple overlapping standards creates friction and stalls client decision-making. ## Steps - **Cyber urgency** — Driven by customer or industry mandate. · **Num:** 1 - **Campaign engagement** — Client responds to urgency triggers. · **Num:** 2 - **Managed Discovery** — 60-minute joint expert call. · **Num:** 3 - **Compliance profile** — Status and next steps report. · **Num:** 4 ### Compliance wins Ongoing recurring revenue unlocked. 5 #### Tags - Bundle Upsells - Projects ## Toolkit Cards - **Continurisk Platform** — Centralized software for client compliance, planning, evidencing, and assessment, branded for your practice. - **Marketing & Sales** — Co-brandable assets, content calendars, and pre-built sales playbooks mapped to high-demand frameworks. - **Expert Accelerator** — Direct access to FortMesa GRC experts for step-by-step technical guidance, workshops, and joint client calls. ### Practice-Wide #### Items - **GRC Growth Engine** — Sell, market, deliver CaaS at scale. — /grc-growth-engine - **Operations Center** — Run your practice from a single pane. — /operations-center ### Named End-Client #### Items - **Continurisk GRC** — Client-facing compliance platform. — /product - **Professional Services** — Co-delivered expert engagements. — /certified-assessments-and-advisory --- # GRC Growth Engine — _Services_ ## GRC Growth Engine — build a compliance practice. Rocket Tools, training, and frameworks designed for service providers and consultants who want to launch — or scale — a profitable GRC offering. ### GRC is the highest-margin service most MSPs aren't selling. The market is asking for compliance help. Most service providers don't have the methodology, content, or platform to deliver it profitably. Growth Engine fixes that. ### Bullets - Tap into recurring, high-margin compliance revenue - Differentiate from MSPs competing on commodity IT services - Deliver consistent, productized engagements at scale - Avoid the multi-year build-out of internal IP and tooling ### A turnkey go-to-market and delivery system. Growth Engine combines white-labeled platform access, productized service playbooks, and partner enablement to get you selling and delivering quickly. ### Steps - **Enable** — Onboard your team with sales, scoping, and delivery training built for GRC engagements. - **Sell** — Use proven offer designs, proposals, and pricing to close higher-margin deals. - **Deliver** — Run engagements on the FortMesa platform with our experts available as your back office. ### Everything required to launch a profitable GRC line. Built for MSPs, MSSPs, vCISO firms, and consultancies serious about compliance services. ### Features - **Productized offers** — Pre-built service packages your team can sell on day one. - **Partner academy** — Sales, scoping, and delivery training for your consultants. - **Co-selling support** — Bring our experts into your sales motion when needed. - **Pricing playbook** — Margin-tested pricing for assessments, advisory, and CaaS. - **Practice analytics** — Visibility into pipeline, utilization, and engagement profitability. - **Platform leverage** — Use FortMesa's platform under your brand to deliver at scale. --- # Certified Assessments & Advisory ### For My Organization Get the certified, third-party proof your engineers need to meet audit requirements and secure cyber insurance. Pass customer due diligence and win deals. ### Benefits - Prove compliance for CMMC, DFARS, & NYDFS - Meet complex standards like SOC 2 & ISO 27001 - Achieve absolute regulatory certainty [Find a Certified Provider](https://land.fortmesa.com/find-my-certified-partner) Building2 For My Organization I need assurance for my own program ### For My Clients Scale your vCISO or CaaS programs with expert GRC support. We provide the independent validation needed to prove the value of your services. Scale as the trusted cyber advisor. ### Benefits - Scale delivery without hiring specialized GRC staff - Eliminate conflict-of-interest objections - Maintain trusted advisor status against competitors [Book a Demo](/demo) Users For My Clients I deliver assurance to others --- # Co-Managed MSP /demo ## Pain Cards - **The Budget Wall** · **Copy:** Your IT staff and MSPs know what needs to be fixed, but they struggle to get the budget approved because the board perceives their warnings as internal bias or upselling. · **Ring:** from-rose-500/20 to-rose-500/0 · **Icon Color:** text-rose-500 · **Border:** border-rose-500/30 · **Bg:** bg-rose-500/10 - **Uncertain Strategy** · **Copy:** The board has no objective way to measure if the business is actually protected. The lack of a formalized strategy creates a loss of internal confidence in the engineering team. · **Ring:** from-orange-500/20 to-orange-500/0 · **Icon Color:** text-orange-500 · **Border:** border-orange-500/30 · **Bg:** bg-orange-500/10 - **Failing Due Diligence** · **Copy:** Poor customer confidence. You are losing out on lucrative enterprise deals because you fail to manage third-party risk effectively on vendor security questionnaires. · **Ring:** from-amber-500/20 to-amber-500/0 · **Icon Color:** text-amber-500 · **Border:** border-amber-500/30 · **Bg:** bg-amber-500/10 ## What Cards - **Continurisk & Riskchain** · **Span:** true · **Copy:** Stop scrambling for compliance evidence and eliminate blind spots. Centralize your policies into a single source of truth, while automated continuous scanning maintains a hardened perimeter. · **Cta:** View Platform Details — /product - **Assess + Monitor** · **Copy:** Independent scanning and automated validation with compliance-driven risk assessments aligned to SOC 2, ISO 27001, HIPAA, and FTC Safeguards. · **Cta:** View Details — /certified-assessments-and-advisory - **Compliance Advisor** · **Copy:** Don't guess on compliance. We provide ongoing advisory and a strategic roadmap for the whole organization to ensure steady maintenance and executive peace of mind. · **Cta:** View Details — /certified-assessments-and-advisory ## Frameworks - SOC 2 - ISO 27000 - NIST CSF - HIPAA - CMMC - CIS Controls - NIST 800-171 - NIST 800-53 - FedRAMP - Essential 8 - UK Cyber Essentials - ACSC ISM - CJIS - GTIA Cybersecurity Trustmark - POPIA --- # Managed Security _For Growing Businesses_ Become the Vendor We help businesses without IT departments meet industry requirements and stop cyber losses. Turn technical confusion into a professionalized roadmap that wins enterprise deals. Schedule Demo /demo Find a Certified Partner https://land.fortmesa.com/find-my-certified-partner ## Why You don't need to be a tech expert to understand that unmanaged risk isn't just an IT problem—it leads to lost revenue, heavy fines, and uninsurable liabilities. Cyber Confusion is ### Cards - **Compliance & Fines** — The laws are changing rapidly. Compliance confusion leaves you exposed to legal liability, heavy government fines, and a damaged security reputation. - **Lost Enterprise Deals** — Low customer confidence means lost contracts. If you cannot confidently fill out vendor security questionnaires, clients will choose competitors. - **Uninsurable Risk** — Cyber losses can bankrupt a business overnight. Without formalized security, you are often uninsurable, leaving you entirely unprotected from disasters. _The Solution_ ### Understand Cyber. No Tech Expert Needed. ### Steps - **Translate Confusion** — We take complex industry jargon and translate it into simple, actionable tasks. You get a clear roadmap that rightsizes your investment. · **N:** 01 - **Formal Reports** — Get independent validation and business-ready reports that act as a trusted badge for insurance applications and enterprise contracts. · **N:** 02 - **Always Have a Pro** — Knowing everything is handled gives you peace of mind. We act as your damage control, providing expert oversight and vetted service partners. · **N:** 03 ### Built for Your Industry. Mapped to Your Framework. We help all industries meet the strict laws and frameworks required to avoid fines and secure trust. Industries Frameworks ### Industries - **Critical Infrastructure** — /compliance/ - **Defense** — /compliance-cmmc/ - **Financial Services** — /compliance-soc-2/ - **Healthcare** — /compliance-hipaa/ - **Logistics** — /compliance/ - **Manufacturing** — /compliance/ - **Public Sector** — /compliance/ - **Retail / E-Commerce** — /compliance/ - **Software / SaaS** — /compliance/ - **Technology** — /compliance/ ### Frameworks - **CIS Controls** — /compliance-cis-controls/ - **ISO 27001** — /compliance-iso-27001/ - **CMMC** — /compliance-cmmc/ - **FedRAMP** — /compliance-fedramp/ - **HIPAA** — /compliance-hipaa/ - **NIST CSF** — /compliance-nist-csf/ - **NIST SP 800-53** — /compliance-nist-800-53/ - **SOC 2** — /compliance-soc-2/ - **UK Cyber Essentials** — /compliance-uk-cyber-essentials/ - **ACSC ISM** — /compliance-acsc-ism/ - **Essential 8** — /compliance-essential-8/ - **GTIA Trustmark** — /compliance-gtia-trustmark/ ### Expert Services & Technology. Everything you need to stop cyber losses and achieve a proven security status. ### Items - **Assess + Monitor** — Third-party assessment and a clear strategic roadmap. We find where you are vulnerable and give you the step-by-step plan to fix it. — /certified-assessments-and-advisory - **Compliance Advisor** — Ongoing expert oversight. You get a dedicated professional to call for advice, damage control, and to ensure you stay compliant year-round. — /certified-assessments-and-advisory Learn more about our managed security services ### Need Hands-On Help? Don't want to manage compliance yourself? We connect you with a vetted network of Certified Managed Service Providers (MSPs). They use FortMesa to build, manage, and maintain your security—so you don't have to lift a finger. Done For Your Security Find a Certified Partner https://land.fortmesa.com/find-my-certified-partner ### Security Resources ### Items - **From SaaS to Client: Mastering Healthcare Compliance** · **Tag:** Case Study · **Image Key:** img47 — https://land.fortmesa.com/download-the-playbook-for-mastering-healthcare-compliance - **Cybersecurity Standards Overview** · **Tag:** Guide · **Image Key:** img48 — https://land.fortmesa.com/cybersecurity-standards - **Ingredients of an Effective Security Team** · **Tag:** Teambuilding · **Image Key:** img49 — https://land.fortmesa.com/learn-about-security-teams ### Stop guessing if your business is safe. Meet the law, avoid fines, and win enterprise deals with a clear, professional security roadmap. Schedule Demo /demo --- # Partner Program ## Urls https://land.fortmesa.com/partner-application/1 /partner-portal/ https://land.fortmesa.com/get-partner-program-guide ### The FortMesa Partner Program Scaling Compliance and Advisory Services Empowering service partners with the tools, resources, and platform to scale their security offerings globally. Become a Partner Partner Portal ## Stats 200+ Service Partners 65+ Security Frameworks 6+ Countries Supporting global operations worldwide ### Why Partner with FortMesa? ### Items - **Channel Commitment** · **Text:** Dedicated to the partner model. We never compete for your clients, ensuring you remain the sole trusted advisor in every engagement. - **Drive More Security Projects** · **Text:** Deliver more high-value projects in less time. We help our partners become more profitable by turning complex compliance into a repeatable revenue stream. - **Objective Credibility** · **Text:** Protect your reputation with third-party validation. Our methodology provides the "separation of duties" that insurers and auditors demand. ### Choose Your Path to Success Top choice ### Items - **Agency Partners** — Partner with a channel-friendly cyber advisory team and earn by referring clients. · **Tagline:** Your clients need cyber solutions. Become their trusted advisor. · **Cta:** Learn more about partnership opportunities · **Highlight:** false — /agency-partner - **Service Partners** — Designed for organizations scaling high-volume practices with sales enablement, technology, and coaching to manage client security roadmaps. · **Tagline:** Build recurring revenue with automated compliance services. · **Cta:** Explore Program · **Highlight:** true — /managed-service-partners - **Marketplace Partners** — Connect with tailored solutions that help you overcome specific technical or regulatory challenges for your clients. · **Tagline:** Simplify the process of finding your ideal vendor. · **Cta:** Find Solutions · **Highlight:** false — /marketplace ### Access Exclusive Resources in the Partner Portal Everything you need to grow, all in one place. Designed to help you sell and deliver faster. In the portal: ### Links - **Download Price Lists** - **Download Product Brochures** - **Consult About Opportunities** ### Get the Partner Program Guide FortMesa's channel-only solutions to help you effectively build, market, and sell cybersecurity services. Get your guide FortMesa Partner Program Guide cover ### Start Building Your Compliance Practice Today Request a Demo /demo Join the Partner Program --- # Partner Portal Partner Portal | FortMesa _FortMesa Partner Portal_ Simplify cybersecurity service delivery. All the resources you need to empower service providers, build your cyber business, and seamlessly manage customer security posture in one unified hub. Request Portal Access https://land.fortmesa.com/partner-application Go to Partner Portal https://partner.fortmesa.com/ ### Manage your Cyber Business Quick access to essential partner tools and resources. ## Quick Actions - **Upgrade to Multi-Tenant Edition** — https://partner.fortmesa.com/change-partner-tier - **Download 2025 Q2 Price List** — https://partner.fortmesa.com/knowledge/latest-partner-price-list-2025-q2 - **Partner Program Guide** — https://partner.fortmesa.com/knowledge/partner-program-guide - **Register a Deal** — https://partner.fortmesa.com/deal-registration-panel - **Product Brochures** — https://partner.fortmesa.com/knowledge/product-information - **Deploy Sensor Guide** — https://partner.fortmesa.com/knowledge/how-do-i-deploy-the-fortmesa-vm-sensor - **Generate Deals** — https://partner.fortmesa.com/deal-registration-panel - **Vendor Compliance Guide** — https://partner.fortmesa.com/knowledge/compliance-references - **Claim MDF Funds** — https://partner.fortmesa.com/knowledge/fortmesa-market-development-funds ### Everything Needed To Build A Cyber Business In One Place ## Features - **Workshops in cyber** — Enhance your skills in cyber sales and service delivery. · **Link Text:** Select Workshop — https://partner.fortmesa.com/knowledge/workshops-in-cyber - **Partner Program** — Learn partnership types, program terms, and pricing. · **Link Text:** Become a Partner — https://partner.fortmesa.com/knowledge/partner-program - **Deal Registration** — Access expert support and navigate client challenges. · **Link Text:** Register a Deal — https://partner.fortmesa.com/deal-registration-panel - **Product Information** — Learn how to own your customer's cybersecurity roadmap. · **Link Text:** Learn About Product — https://partner.fortmesa.com/knowledge/product-information - **Software Documentation** — Detect vulnerabilities, assess risks, and build security architecture. · **Link Text:** Simplify Service Delivery — https://partner.fortmesa.com/knowledge/software-documentation - **Marketing & Sales** — Collateral and guides to boost your cybersecurity sales. · **Link Text:** Request Support — https://partner.fortmesa.com/knowledge/marketing-sales ## Testimonial "FortMesa plays a crucial role in supporting Infoprotect's business strategy by delivering adaptive vulnerability management and cyber risk assessments. This enables Infoprotect to ensure our clients stay ahead of threats and maintain compliance with industry standards." Brad Fraser CEO, Infoprotect UK ### Formalize cyber compliance Learn about Partner Program Join Partner Program https://land.fortmesa.com/partner-application Book Demo /partner ## Support Cards - **Need help?** — Contact our success team · **Link Text:** Contact us — https://partner.fortmesa.com/contact-success - **Access Portal** — Already a FortMesa Partner? · **Link Text:** Login — https://partner.fortmesa.com/ - **Get Access** — Interested in becoming a partner? · **Link Text:** Request access — https://land.fortmesa.com/partner-application ### Own your customers' cyber roadmap Deliver cyber services or integrate with FortMesa to grow customer trust and navigate cyber compliance. Learn About Partnership /partner --- # Secure Your Opportunity _Partner Deal Registration_ ## Secure Your Opportunity Timestamp your claim, lock in your margins, and activate our co-sell support. ## Benefits - **Your Client, Your Deal** — Registering timestamps your claim and guarantees channel fidelity. We never go direct and never solicit your clients. - **Fast-Track Pricing** — Need a quote? Registration unlocks provisional quotes to help you build winning proposals. - **Expert Co-Selling** — Get immediate backup for urgent client issues or strategic compliance assessments. ## Post Submit Book 15-Min Prep Call Now https://calendly.com/fortmesa/deal-prep --- # Service Provider Editions https://land.fortmesa.com/partner-application _Service Provider Editions_ Win Service providers need cyber service delivery solutions built for them. Become a Partner Book Demo /demo _Why secure compliance_ ### Clients demand proof, not promises ### Cards - **Inform & Convert** · **Copy:** Establish cyber credibility, inform your clients about strategic investments, and proactively win new business. - **Deliver Services** · **Copy:** Implement advanced, scalable cybersecurity architectures over time seamlessly without disrupting operations. - **Evidence** · **Copy:** Prove your clients' cybersecurity posture to critical stakeholders with rigorous, audit-grade documentation. _Service partners_ ### Service providers winning cyber with FortMesa Service Provider partners across the world have found success delivering cybersecurity services with FortMesa. _CaaS & vCISO pipeline_ ### Deliver scalable, high-margin compliance and security services. Designed for service providers scaling high-volume practices. ### Steps - **Enablement & Tech** · **N:** 01 · **Copy:** We provide the sales enablement, technology, and coaching you need. - **Manage Roadmaps** · **N:** 02 · **Copy:** Efficiently construct, manage, and navigate client security roadmaps. - **High-Margin Delivery** · **N:** 03 · **Copy:** Deliver scalable Compliance-as-a-Service (CaaS) and vCISO offerings. STEP _Editions_ ### Service Provider Editions for cyber service delivery Recommended #### Pathfinder NFR _Service partners need to build internal security to ensure client safety_ Try FortMesa out in your business and get ready to win cyber service delivery engagements with your clients. ##### Features - No cost to qualified providers - Get started with formalized cyber compliance - Build internal cyber resiliency Get it now https://land.fortmesa.com/partner-application false #### Multi-Tenant Edition _For providers operating vCISO and Compliance-as-a-Service (CaaS)_ Build your cyber service delivery practice using FortMesa training and other partner enablement. ##### Features - Low commitment sales-enablement tooling - Work with unlimited clients - Comprehensive security compliance support Become a partner https://land.fortmesa.com/partner-application true ### Own your customers' cyber roadmap Deliver cyber services or integrate with FortMesa to grow customer trust and navigate cyber compliance. Learn About Partnerships /partner --- # Service Provider Partners — _Partners_ ## Service Provider Partners — build your compliance practice. Users Launch and scale a profitable GRC and Compliance-as-a-Service practice with FortMesa's platform, methodology, and partner enablement. ### Your clients are asking for compliance help. Insurance renewals, customer security reviews, and emerging regulation are pushing your clients to formalize compliance. Be the partner who delivers — without rebuilding the wheel. ### Bullets - Capture compliance revenue you're currently referring away - Strengthen client retention with high-value advisory work - Differentiate from generalist MSPs and MSSPs - Deliver consistent outcomes with productized engagements ### A partnership designed to make you the expert. We bring the platform, IP, and back-office expertise. You bring the relationships and delivery. Together we ship outcomes that defend renewals. ### Steps - **Onboard** — Get certified on the FortMesa platform, methodology, and partner playbooks. - **Deliver** — Run client engagements with platform leverage and expert escalation when needed. - **Scale** — Expand into new frameworks, verticals, and recurring CaaS contracts. ### A complete partner program for serious GRC providers. More than reseller margins — a full operating model for a modern compliance practice. ### Features - **White-label platform** — Deliver under your brand with full FortMesa platform power. - **CaaS playbooks** — Recurring Compliance-as-a-Service offer designs proven to retain clients. - **Growth Engine access** — Sales, scoping, and pricing IP built for compliance services. - **Expert escalation** — Our advisors back you up on the toughest client questions. - **Partner academy** — Continuous training across frameworks and delivery best practices. - **Practice analytics** — Pipeline, utilization, and margin visibility across your engagements. --- # Managed Service Partners ## Pain Cards - **Regulatory Exposure** · **Copy:** Clients face increasing scrutiny. Informal security measures risk failing strict industry and government audits. - **Rejected Insurance** · **Copy:** Insurers demand proof. Without objective validation, clients risk denied claims and uninsurable status. - **Unoptimized Spend** · **Copy:** Without formalized cyber roadmaps, clients hesitate to approve critical, rightsized security investments. ## Software Items - **Operations Center** · **Lede:** Multi-Tenant Control · **Copy:** Manage dozens of clients from a single pane of glass. Standardize your security delivery, monitor compliance standing, and control every environment without jumping between tools. — /operations-center - **Assess + Monitor** · **Lede:** The Third-Party Referee · **Copy:** Deploy automated scanning that provides independent, objective validation of your team's technical excellence. — /certified-assessments-and-advisory - **Continurisk GRC** · **Lede:** Automated Evidence · **Copy:** Stop manual tracking. Centralize all evidence mapped directly to frameworks like CIS, NIST, and HIPAA for visual, client-ready reporting. — /product ## Expert Items - **Compliance Advisor** · **Lede:** Expert Backup · **Copy:** Extend your team instantly. Leverage fractional CISO and expert support to assist with complex service delivery and strategy. — /certified-assessments-and-advisory - **GRC Growth Engine** · **Lede:** Win More Deals · **Copy:** Get the exact playbooks, roadmaps, and marketing resources proven to help MSPs launch, market, and scale their cyber practices. — /grc-growth-engine ## Resources - **MSP Cyber Solution Playbook** · **Tag:** E-Book · **Copy:** Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. · **Cta:** Read E-book — https://land.fortmesa.com/download-msp-cyber-playbook - **CIS Controls v8 Guide for Service Providers** · **Tag:** Case Study · **Copy:** Learn to implement CIS Controls v8 to strengthen cybersecurity, protect client data, and ensure compliance. · **Cta:** Read Case Study — https://land.fortmesa.com/cis-controls-v8-guide-for-service-providers - **SP Security Service Automation** · **Tag:** E-Book · **Copy:** Double your profit with cross-sell driven margin expansion. · **Cta:** Read E-book — https://land.fortmesa.com/download-sp-security-cross-sell --- # Agency Partner Program _Agency & Consultant Network_ ### Solidify Your Status as the Trusted Advisor. Protect your client relationships and unlock stalled project budgets. We provide the independent cyber validation your clients need to pass due diligence. Apply for Agency Partnership https://land.fortmesa.com/agency-partner-application ### Compliance roadblocks stall your projects When cyber compliance enters the chat, consulting gets messy. Clients hesitate, budgets freeze, and your best advice gets ignored until a breach happens. ### Items - **The Rival Threat** — Bringing in a “security-first” IT vendor opens the door for them to pitch your client on everything else. You risk losing your seat at the table. · **N:** 01 - **The Budget Wall** — Clients view your security warnings as an upsell. Without independent data to back up your claims, critical project recommendations go unfunded. · **N:** 02 - **The Due Diligence Nightmare** — Clients panic over vendor forms and strict insurance renewals. They turn to you to organize evidence, causing massive scope creep. · **N:** 03 ### Turn Advice into Funded Projects Independent proof that gets projects funded Funded ### No Liability, New Revenue Add enterprise-grade security to your pitch without becoming a managed provider. Stay a pure advisor, earn referral revenue, and protect your reputation with an independent liability shield. Assessment Passed _Referrer Benefits_ ### Your Clients Get Secure. You Get Rewarded. FortMesa provides transparent handoffs and strict account protection, ensuring you remain the lead partner while we handle the work. 100% Lead Protection ### Your Partner Toolkit ### Items - **Discovery SMB** — A rapid evaluation tool to quickly highlight critical gaps before you ask the client for money. Creates instant awareness and budget momentum. · **Cta:** Register a deal · **External:** true — https://land.fortmesa.com/register-a-deal - **Assess + Monitor** — The outside referee. Independent, automated scanning to prove exactly why your strategic roadmap is a business requirement. · **Cta:** Learn more about Assess + Monitor — /certified-assessments-and-advisory - **Continurisk GRC & Riskchain VM** — The central hub for all evidence. Map your client's posture directly to frameworks to breeze through vendor questionnaires and assessments. · **Cta:** Explore platform — /product - **Compliance Advisor** — Fractional expert support. We provide the ongoing advisory needed to drive client action when they lack internal security resources. · **Cta:** View advisory services — /certified-assessments-and-advisory ### Keep the Relationship. Lose the Liability. Bring in the experts. Get the proof your clients need to fund projects, pass assessments, and block out the competition. Apply Now https://land.fortmesa.com/agency-partner-application --- # Have an MSP? _Solutions_ ## Have an MSP? Bring them with you. Globe Already work with an MSP you trust? Invite them to FortMesa for seamless integration and collaborative compliance management — no rip-and-replace required. ### Your MSP is part of your security perimeter. Compliance breaks when GRC tooling and operational tooling live in different worlds. By inviting your MSP into FortMesa, you align everyone around the same controls and evidence. ### Bullets - Keep the MSP relationship you've already invested in - Eliminate the back-and-forth of evidence requests - Hold every party accountable to the same controls - Shorten audit and insurer renewal cycles dramatically ### Three roles. One platform. Zero friction. FortMesa is built for triangular collaboration between you, your MSP, and our compliance experts. ### Steps - **Invite** — We onboard your MSP into FortMesa with role-appropriate access. - **Align** — Map controls and ownership so everyone knows what they're responsible for. - **Operate** — Your MSP works the controls; FortMesa keeps the GRC layer audit-ready. ### Built for clients who already have an MSP. Tools and workflows that bring your existing IT partner into the compliance program — without disruption. ### Features - **MSP invitations** — One-click invite flow with guided onboarding for your provider. - **Multi-tenant access** — Role-based views designed for client + MSP collaboration. - **Shared workflows** — Tasks, evidence, and remediations tracked across both teams. - **Control ownership** — Clear assignment of who owns what across every framework. - **Tool integrations** — Plug into the IT tools your MSP already operates. - **Compliance backstop** — FortMesa advisors available to both you and your MSP. --- # Compliance Frameworks ## Hero Cyber Compliance Compliance Frameworks, Make compliance simple and easy with self-driving security plans that meet your industry needs. Become a Partner https://land.fortmesa.com/partner-application/1 Integrations ## Industries Section Rapidly deploy industry standard profiles Tailor Security Plans On Easy Mode Custom Tailor a ## Audit Section Choose From Simplified or Audit Workflows ## Resources Section Cyber Compliance Read article ## Integrations - **Amazon AWS** · **Logo Key:** aws - **Datto RMM** · **Logo Key:** datto - **Autotask PSA** · **Logo Key:** autotask - **Slack** · **Logo Key:** slack - **Tenable.io** · **Logo Key:** tenable - **API/SDK** · **Logo Key:** webhooks - **Atlassian JIRA** · **Logo Key:** jira - **Email** · **Logo Key:** email - **N-able PSA** · **Logo Key:** nable - **ConnectWise Manage** · **Logo Key:** connectwise - **Nodeware** · **Logo Key:** nodeware ## Industries - **Criminal Justice** — # - **Critical Infrastructure** — /compliance/nist-csf - **Defense Industry** — # - **Financial Services** — # - **Healthcare** — # - **Public State/Federal** — /compliance/nist-800-53 - **Explore all frameworks** — # ## Tailor Points - **Supports multiple standard frameworks** — Roll one program forward across CIS, NIST, ISO, SOC 2 and more. - **Mix and match controls** — Compose the exact baseline your business, and your customers, require. - **Schedule across any timeline** — Stagger rollout by quarter, year, or maturity milestone. ## Resources - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. · **Image Key:** governance — https://land.fortmesa.com/what-is-governance - **CMMC Compliance: Key Updates and What It Means** — Stay informed about CMMC compliance updates and learn how to protect sensitive data while securing government contracts. · **Image Key:** cmmc — https://land.fortmesa.com/cmmc-compliance-key-updates-and-what-it-means - **SOC 2 Compliance Essentials** — Learn SOC 2 compliance strategies to boost data security, streamline audits, and build client trust. · **Image Key:** soc — https://land.fortmesa.com/soc-2-compliance-essentials ## Book a Demo Book a Demo ### Options - **I'm a Service Provider** — /demo - **I'm an Organization** — /organization-demo ## Partner Program ### Partner Program Simplify Cybersecurity Service Delivery [Get Started](https://land.fortmesa.com/partner-application/1) [Book Demo](/demo) --- # CIS Controls ## CIS Controls ### Eliminate More Risk With Fewer Actions Using CIS Controls Compliance Find all the CIS controls in our security planner. ### What is CIS Controls? The CIS Critical Security Controls (CIS Controls) are a set of prioritized and prescriptive best practices designed to improve cybersecurity. Developed through a community consensus process involving thousands of cybersecurity experts worldwide, these controls provide a simplified, actionable approach to addressing the most critical security threats. ### Why CIS Controls Compliance Adopting CIS Controls focuses your team on the activities proven to eliminate the most risk with the least effort. ### Bullets - Reduce the most common attack vectors first - Maps cleanly to NIST CSF, ISO 27001 and HIPAA - Provides a measurable maturity model for stakeholders ### CIS Controls v8 Guide The all-in-one guide on identifying, preventing, and responding to cyber threats — ensuring a robust security posture. https://land.fortmesa.com/cis-controls-v8-guide ## Resources - **What's new in CIS Controls V8.1?** — Explore key updates in CIS Controls v8.1 for clearer, more practical cybersecurity management. — https://land.fortmesa.com/whats-new-in-cis-controls-v8.1 - **CIS Controls vs. NIST CSF: Which Framework Is Right for Your Organization?** — Compare CIS Controls and NIST CSF to choose the best cybersecurity framework for your MSP. — https://land.fortmesa.com/cis-controls-vs-nist-csf - **Cybersecurity Standards** — Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. — https://land.fortmesa.com/cybersecurity-standards - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide --- # ISO 27001 ## ISO 27001 ### ISO 27001 is the top global cybersecurity standard Find all the ISO/IEC 27002:2022 controls in our security planner. ### What is ISO 27001? ISO/IEC 27001 is the most widely recognized standard for information security management systems (ISMS). It specifies the requirements that an ISMS must fulfill. ISO 27001 standard offers guidance for organizations of all sizes and industries to establish, implement, maintain, and continuously enhance an Information Security Management System (ISMS). ### Why ISO 27001 Compliance ISO 27001 is the credential international customers, regulators and insurers trust as evidence of a mature security program. ### Bullets - Win deals where ISO is a procurement requirement - Operationalize an auditable ISMS instead of paperwork - Continuously improve risk treatment with evidence Establish Global Trust with ISO 27000 Compliance ### Cybersecurity Standards Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. https://land.fortmesa.com/cybersecurity-standards ## Resources - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide - **CIS Controls v8 Guide** — The all-in-one guide on identifying, preventing, and responding to cyber threats — ensuring a robust security posture. — https://land.fortmesa.com/cis-controls-v8-guide - **SOC 2 Compliance Essentials** — Learn SOC 2 compliance strategies to boost data security, streamline audits, and build client trust with NIST CSF alignment. — https://land.fortmesa.com/soc-2-compliance-essentials --- # CMMC ## CMMC ### Meet CMMC standards required for all U.S. Federal DoD Contractors Self-attest CMMC 1 or pre-assess CMMC 3 with FortMesa’s self-driving security plans. ### What is CMMC? The Cybersecurity Maturity Model Certification (CMMC) program is tailored to meet the Department of Defense’s information security standards for Defense Industrial Base (DIB) partners. Its purpose is to ensure the protection of sensitive unclassified information exchanged between the Department and its contractors and subcontractors. ### Why CMMC Compliance If you sell to the DoD — directly or as a subcontractor — CMMC certification is required to win and keep contracts. ### Bullets - Required for prime and subcontract DoD awards - Aligns with NIST SP 800-171 and 800-172 - Continuous monitoring keeps you assessment-ready Strengthen Defense Partnerships with CMMC Compliance ### CMMC Compliance: Key Updates and What It Means Stay informed about CMMC compliance updates and learn how to protect sensitive data while securing government contracts. https://land.fortmesa.com/what-is-governance ## Resources - **NIST 800-171 Updates: What Contractors Need to Know** — Stay compliant with NIST 800-171 Rev. 3 to protect CUI and strengthen your cybersecurity for government contracts. — https://land.fortmesa.com/nist-800-171-updates - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **Cybersecurity Standards** — Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. — https://land.fortmesa.com/cybersecurity-standards - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide --- # FedRAMP ## FedRAMP ### Prepare for your FedRAMP Readiness Assessment Develop your FedRAMP compliance System Security Plan (SSP) using FortMesa’s self-driving security plans. ### What is FedRAMP? FedRAMP offers a cost-effective, risk-based framework for federal cloud service adoption, emphasizing security. The December 2022 FedRAMP Authorization Act, part of the FY23 NDAA, formally designates FedRAMP as the standard for assessing and authorizing cloud products and services handling unclassified federal information. ### Why FedRAMP Compliance FedRAMP authorization is the gateway to selling cloud services into the federal market — and increasingly trusted in commercial procurement. ### Bullets - Required for cloud services serving federal agencies - Builds on NIST SP 800-53 controls - Continuous monitoring proves ongoing assurance ### Cybersecurity Standards Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. https://land.fortmesa.com/cybersecurity-standards ## Resources - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **CIS Controls v8 Guide** — The all-in-one guide on identifying, preventing, and responding to cyber threats — ensuring a robust security posture. — https://land.fortmesa.com/cis-controls-v8-guide - **CMMC Compliance: Key Updates and What It Means** — Stay informed about CMMC compliance updates and learn how to protect sensitive data while securing government contracts. — https://land.fortmesa.com/what-is-governance --- # HIPAA ## HIPAA ### Meet HIPAA requirements for handling protected health data. Evidence all 101 federal requirements of the Title 45 HIPAA Omnibus Rule for processing Protected Health Information (PHI). ### What is HIPAA? HIPAA laws set federal standards for the proper use and disclosure of protected health information in the U.S., regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). ### Why HIPAA Compliance HIPAA enforcement is rising and breach penalties are steep. A defensible program protects patients, partners and the business. ### Bullets - Required to handle PHI as a covered entity or BA - Demonstrates due care to OCR and insurers - Reduces breach risk and reportable incidents Build Patient Trust with HIPAA Compliance ### The HIPAA Privacy Rule: What It Means for Healthcare Providers Explore the HIPAA Privacy Rule's impact on healthcare cybersecurity, its strengths, limitations, and the need for updates. https://land.fortmesa.com/the-hipaa-privacy-rule-what-it-means-for-healthcare-providers ## Resources - **Cybersecurity Standards** — Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. — https://land.fortmesa.com/cybersecurity-standards - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **CIS Controls v8 Guide** — The all-in-one guide on identifying, preventing, and responding to cyber threats — ensuring a robust security posture. — https://land.fortmesa.com/cis-controls-v8-guide --- # NIST Cybersecurity Framework (CSF) ## NIST CSF NIST Cybersecurity Framework (CSF) ### Implement the simplified NIST Cybersecurity Framework (CSF) Core Put your NIST CSF deployment on easy-mode with FortMesa’s self-driving security plans. ### What is the NIST CSF? The NIST Cybersecurity Framework (CSF) 2.0 offers guidance for managing cybersecurity risks, applicable to organizations of any size, sector, or maturity level. It provides a high-level taxonomy of cybersecurity outcomes and links to additional resources for practices and controls, helping organizations understand, assess, and communicate their cybersecurity efforts effectively. ### Why NIST CSF Compliance NIST CSF is the most widely adopted framework in the U.S. and a credible foundation for any compliance program. ### Bullets - Maps to every major regulation and framework - Tier-based maturity for clear executive reporting - Right-sizes investment to actual risk exposure ### NIST CSF 2.0 Guide Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. https://land.fortmesa.com/nist-csf-guide ## Resources - **CIS Controls vs. NIST CSF: Which Framework Is Right for Your Organization?** — Compare CIS Controls and NIST CSF to choose the best cybersecurity framework for your MSP. — https://land.fortmesa.com/cis-controls-vs-nist-csf - **Cybersecurity Standards** — Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. — https://land.fortmesa.com/cybersecurity-standards - **CIS Controls v8 Guide** — The all-in-one guide on identifying, preventing, and responding to cyber threats — ensuring a robust security posture. — https://land.fortmesa.com/cis-controls-v8-guide - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance --- # NIST SP 800-53 ## NIST 800-53 ### Implement NIST 800-53 federal standards Deploy, manage, and assess your NIST SP 800-53 program—recognized by the U.S. federal government. ### What is NIST 800-53? NIST SP 800-53 stands for the National Institute of Standards and Technology Special Publication 800-53, which provides security and privacy controls for federal information systems and organizations. NIST, a non-regulatory agency of the U.S. Commerce Department, was created to foster innovation and science by establishing industry standards. NIST SP 800-53 offers guidelines to help federal agencies and contractors comply with the Federal Information Security Management Act (FISMA). ### Why NIST 800-53 Compliance If you work with federal agencies or aspire to FedRAMP, 800-53 is the underlying control language you'll be measured against. ### Bullets - Foundation for FedRAMP and FISMA compliance - Detailed, tailorable controls for high-assurance - Maps to 800-171, CMMC and ISO 27001 ### NIST 800-171 Updates: What Contractors Need to Know Stay compliant with NIST 800-171 Rev. 3 to protect CUI and strengthen your cybersecurity for government contracts. https://land.fortmesa.com/nist-800-171-updates ## Resources - **Cybersecurity Standards** — Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. — https://land.fortmesa.com/cybersecurity-standards - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **CMMC Compliance: Key Updates and What It Means** — Stay informed about CMMC compliance updates and learn how to protect sensitive data while securing government contracts. — https://land.fortmesa.com/what-is-governance --- # SOC 2 ## SOC 2 ### Prepare for SOC 2 Compliance Comprehensively plan and document your compliance with the Trust Services Criteria required for SOC 2 certification. ### What is SOC 2? SOC 2 is an audit process that ensures service providers manage data securely, safeguarding your organization and client privacy. For security-focused businesses, SOC 2 compliance is essential when choosing a SaaS provider. Created by the AICPA, SOC 2 sets standards for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. ### Why SOC 2 Compliance Enterprise buyers expect a SOC 2 report before signing. Continuous controls make the audit a byproduct of operations. ### Bullets - Unlocks enterprise procurement processes - Demonstrates trust to customers and partners - Aligns with NIST CSF and ISO 27001 ### SOC 2 Compliance Essentials Learn SOC 2 compliance strategies to boost data security, streamline audits, and build client trust with NIST CSF alignment. https://land.fortmesa.com/soc-2-compliance-essentials ## Resources - **NIST CSF 2.0 Guide** — Learn how to protect sensitive information, safeguard critical systems, and maintain the trust of customers and stakeholders. — https://land.fortmesa.com/nist-csf-guide - **Cybersecurity Standards** — Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. — https://land.fortmesa.com/cybersecurity-standards - **What is Governance?** — Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. — https://land.fortmesa.com/what-is-governance - **CIS Controls v8 Guide** — The all-in-one guide on identifying, preventing, and responding to cyber threats — ensuring a robust security posture. — https://land.fortmesa.com/cis-controls-v8-guide --- # Resources _Resources_ ### What your company needs to deliver cybersecurity. ## Filters Search resources... Type Topic All ## Ui Show more No resources match your filters. ## Type Labels All-in-One Guide Article Case Studies E-book General Blog Livestream Pressroom Workshops ## Topic Labels Company News Cyber Insurance Governance & Compliance Incident Management Risk Assessment & Management Sales & Marketing Security Practices Service Delivery Vulnerability Management Cyber Education ### FortMesa Enhances Platform with Nodeware® Vulnerability Scanning FortMesa enhances its platform with Nodeware for continuous vulnerability scanning, improving compliance and security for organizations with real-time network visibility. #### Topics - company_news press https://blog.fortmesa.com/press/fortmesa-enhances-platform-with-nodeware-vulnerability-scanning true ### Interview-based research from ChannelCon 2024 This report, based on CompTIA ChannelCon 2024 interviews, reveals why SMBs resist advanced cybersecurity. #### Topics - sales_marketing case_studies https://land.fortmesa.com/channelcon-2024-report false ### Cybersecurity Standards Explore key cybersecurity standards, frameworks, and regulations to boost data protection and ensure compliance. #### Topics - governance_compliance - security_practices all-in-one_guide https://land.fortmesa.com/cybersecurity-standards false ### NIST 800-171 Updates: What Contractors Need to Know Stay compliant with NIST 800-171 Rev. 3 to protect CUI and strengthen your cybersecurity for government contracts. #### Topics - governance_compliance article https://land.fortmesa.com/nist-800-171-updates false ### Compliance Changes in 2025: What You Need to Know Stay updated on 2025 cybersecurity compliance changes, frameworks, and strategies for service providers. #### Topics - governance_compliance article https://land.fortmesa.com/compliance-changes-in-2025-what-you-need-to-know false ### NIST CSF 2.0 Guide for Service Providers Strengthen your cybersecurity posture with NIST CSF 2.0. Implement core functions for compliance and client trust. #### Topics - governance_compliance - security_practices all-in-one_guide https://land.fortmesa.com/nist-csf-2.0-guide-for-service-providers false ### CIS Controls v8 Guide for Service Providers Learn to implement CIS Controls v8 to strengthen cybersecurity, protect client data, and ensure compliance. #### Topics - governance_compliance - security_practices all-in-one_guide https://land.fortmesa.com/cis-controls-v8-guide-for-service-providers false ### The HIPAA Privacy Rule: What It Means for Healthcare Providers xplore the HIPAA Privacy Rule's impact on healthcare cybersecurity, its strengths, limitations, and the need for updates to protect patient data. #### Topics - governance_compliance - security_practices article https://land.fortmesa.com/the-hipaa-privacy-rule-what-it-means-for-healthcare-providers false ### CMMC Compliance: Key Updates and What It Means Stay informed about CMMC compliance updates and learn how to protect sensitive data while securing government contracts in the evolving cybersecurity landscape. #### Topics - governance_compliance - security_practices article https://land.fortmesa.com/cmmc-compliance-key-updates-and-what-it-means false ### What is Governance? Discover the essential roles of governance, frameworks, standards, and regulations in cybersecurity. #### Topics - governance_compliance article https://land.fortmesa.com/what-is-governance false ### Australia Cyber Security Centre Essential 8 Australian organizations should follow the ACSC Essential 8 to harden systems against cyber threats. #### Topics - governance_compliance - security_practices article https://land.fortmesa.com/australia-acsc-essential-8 false ### What's new in CIS Controls V8.1? Explore key updates in CIS Controls v8.1 for clearer, more practical cybersecurity management. #### Topics - governance_compliance article https://land.fortmesa.com/whats-new-in-cis-controls-v8.1 false ### CIS Controls vs. NIST CSF: Which Framework Is Right for Your Organization? Compare CIS Controls and NIST CSF to choose the best cybersecurity framework for your MSP. #### Topics - governance_compliance - security_practices article https://land.fortmesa.com/cis-controls-vs-nist-csf false ### SOC 2 Compliance Essentials Learn SOC 2 compliance strategies to boost data security, streamline audits, and build client trust with automation and NIST CSF alignment. #### Topics - governance_compliance - security_practices article https://land.fortmesa.com/soc-2-compliance-essentials false ### Vulnerability Management 101 Using vulnerability insights to reduce cyber risk. #### Topics - risk_assessment_management - vulnerability_management - security_practices all-in-one_guide https://land.fortmesa.com/vulnerability-management-101 false ### FortMesa joins CompTIA in effort to strengthen the cybersecurity culture FortMesa support the CompTIA Cybersecurity Trustmark program #### Topics - company_news press https://blog.fortmesa.com/press/fortmesa-joins-comptia-in-effort-to-strengthen-the-cybersecurity-culture-throughout-the-global-msp-community false ### Teambuilding 101 Ingredients of an Effective Security Team #### Topics - security_practices - service_delivery article https://land.fortmesa.com/learn-about-security-teams false ### Disaster Recovery Planning (RTOs, RPOs and how to get there) Quantify recovery goals and allocate resources accordingly. #### Topics - incident_management - security_practices livestream https://www.youtube.com/live/KYVtDlelXxw?si=_vFHu6c4Zpc5VNqi false ### Red vs Blue The role of attackers and defenders in cyber teams. #### Topics - incident_management - vulnerability_management - security_practices article https://land.fortmesa.com/learn-about-security-teams false ### MoveIT Vuln 90 Days Later Lessons learned from the MoveIT vulnerability (CVE-2023-34362). #### Topics - incident_management - vulnerability_management - security_practices livestream https://www.youtube.com/live/NWAJxTo9s1g false ### Finding Comfort with Target Customers and Business Models The journey to an Ideal MSP Customer Profile and a comfortable Predominant Business Model. #### Topics - sales_marketing - service_delivery livestream https://www.youtube.com/live/PxDL1EmD-8A false ### Why Vulnerability Management Comes Before Penetration Testing Learn how proactive identification and remediation of vulnerabilities strengthen digital defenses. #### Topics - risk_assessment_management - vulnerability_management - security_practices general_blog https://blog.fortmesa.com/general/why-vulnerability-management-comes-before-penetration-testing false ### Understanding Incident Response vs. Managed Detection and Response (MDR) Understanding the key differences between Incident Response and MDR, their roles, challenges, and future trends in cybersecurity. #### Topics - incident_management - security_practices - service_delivery general_blog https://blog.fortmesa.com/general/understanding-incident-response-vs.-managed-detection-and-response-mdr false ### Interview With Matthew Fisch - Founder & CEO at FortMesa Join FortMesa CEO Matthew Fisch as he shares the company’s journey, partner enablement approach, and cyber risk management strategies. #### Topics - company_news general_blog https://blog.fortmesa.com/general/interview-with-matthew-fisch-founder-ceo-at-fortmesa false ### Elevating Service Providers Security Standards Explore how FortMesa and CompTIA Community join forces to introduce the CompTIA Cybersecurity Trustmark, elevating security standards for service providers in the industry. #### Topics - governance_compliance - security_practices - service_delivery case_studies https://blog.fortmesa.com/press/elevating-service-providers-security-standards false ### FortMesa Empowers IT Providers With Educational Workshops for Cybersecurity Service Excellence FortMesa empowers IT providers with educational workshops to enhance cybersecurity service delivery. #### Topics - company_news press https://blog.fortmesa.com/press/fortmesa-empowers-it-providers-with-educational-workshops-for-cybersecurity-service-excellence false ### Unique Risk Profiling System Open Door to Cyber Insurance for Previously Uninsured Businesses A strategic alliance transforms cybersecurity landscape, opening new avenues for insurance procurement and risk mitigation. #### Topics - company_news press https://blog.fortmesa.com/press/unique-risk-profiling-system-opens-doors-to-cyber-insurance-for-previously-uninsured-businesses false ### FortMesa Commemorates Cyber Awareness Month With Internal Use NFR for Free FortMesa is excited to announce its commitment to the IT service provider community by offering a one-year, internal use of NFR access. #### Topics - company_news press https://blog.fortmesa.com/press/fortmesa-commemorates-cybe-awareness-month-with-internal-use-nfr-fo-free false ### FortMesa Partners With Gradient to Enhance Value Through Billing and Alert Integration FortMesa Launches a Gradient Integration for Enhanced Billing and Alert Capabilities #### Topics - company_news press https://blog.fortmesa.com/press/fortmesa-partners-with-gradient-to-enhance-value-through-billing-and-alert-integration false ### FortMesa Joins CompTIA in Effort to Strengthen the Cybersecurity Culture Throughout the Global MSP Community Leader in security enablement tools for IT service providers will supply critical component for CompTIA Cybersecurity Trustmark. #### Topics - company_news press https://blog.fortmesa.com/press/fortmesa-joins-comptia-in-effort-to-strengthen-the-cybersecurity-culture-throughout-the-global-msp-community false ### FortMesa has Been Selected to the ConnectWise PitchIT Class of 2023 FortMesa has been selected as one of the PitchIT class of 2023 at ConnectWise to develop new security concepts in the MSP market again this year. #### Topics - company_news press https://blog.fortmesa.com/press/fortmesas-been-selected-to-the-connectwise-pitch-it-class-of-2023 false ### Infoprotect UK Announces Partnership With FortMesa FortMesa is excited to partner with Infoprotect UK, so that they can offer their clients a comprehensive cybersecurity and data protection solution. #### Topics - company_news press https://blog.fortmesa.com/press/infoprotect-uk-announces-partnership-with-fortmesa false ### Unique Risk Profiling System Opens Doors to Cyber Insurance for Previously Uninsured Businesses What if there was an effortless way to get the same information on every cyber risk you’re presented with, without any added effort? #### Topics - cyber_insurance case_studies https://land.fortmesa.com/download-unique-risk-profiling-system-opens-doors-to-cyber-insurance-for-previously-uninsured-businesses false ### Enhanced Services and Profitability Through Strategic Partnership First Tracks Technology partnered with FortMesa to automate IT security tasks, enhancing efficiency and boosting revenue by 25-30%. #### Topics - sales_marketing - service_delivery case_studies https://land.fortmesa.com/download-enhanced-services-and-profitability-through-strategic-partnership false ### Cyber Pricing & Packaging Align your cyber sales strategy to perfectly fit your client engagement model. #### Topics - sales_marketing workshops https://land.fortmesa.com/cyber-pricing-packaging-workshop?hsLang=en false ### Prepare for the Win Tactics you can immediately use to prepare your customer for investments in cyber. #### Topics - sales_marketing workshops https://land.fortmesa.com/prepare-for-the-win-workshop?hsLang=en false ### Talking about Cyber How to effectively communicate about cybersecurity and secure success in cyber sales. #### Topics - sales_marketing workshops https://land.fortmesa.com/talking-about-cyber-workshop-0?hsLang=en false ### Vulnerability Management Delivering vulnerability management with sensors and your people #### Topics - risk_assessment_management - vulnerability_management - security_practices workshops https://land.fortmesa.com/vulnerability-management-workshop-0?hsLang=en false ### Continuous & Periodic Risk Assessments Gap analysis, risk assessment, and preparing for certified audits. #### Topics - risk_assessment_management - security_practices - service_delivery workshops https://land.fortmesa.com/cyber-risk-management-workshop?hsLang=en false ### Map the Stack, be the vCISO Align with security standards and build securely using your favorite tools. #### Topics - security_practices - service_delivery workshops https://land.fortmesa.com/map-the-stack-be-the-vciso-workshop?hsLang=en false ### SP Security Service Automation Double your profit with cross-sell driven margin expansion. #### Topics - sales_marketing - security_practices e-book https://land.fortmesa.com/download-sp-security-cross-sell?hsLang=en false ### MSP Cyber Solution Playbook Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method.Plus: Service delivery guide #### Topics - sales_marketing e-book https://land.fortmesa.com/download-msp-cyber-playbook false ### Conquering Cyber Price Objections Demonstrating cybersecurity value amid budget constraints #### Topics - sales_marketing livestream https://www.youtube.com/live/ekfKJPZncMo?si=Pa15SXorDlTsxzB5 false ### Cyber Education Guide Explore comprehensive cyber education to enhance security skills, understand threats, and gain certifications, empowering professionals to protect digital assets effectively. #### Topics - security_practices - cyber_education all-in-one_guide https://land.fortmesa.com/cyber-education-guide false ### What Happens When Hackers Get Your Password Hashes? Learn how hackers exploit hashed passwords and discover essential strategies to protect your accounts from credential leaks and attacks. Stay safe in the digital age. #### Topics - security_practices - cyber_education article https://land.fortmesa.com/what-happens-when-hackers-get-your-password-hashes false ### The Ultimate Guide to GIAC Certifications Explore GIAC certifications as the gold standard for practical cybersecurity skills, emphasizing hands-on expertise and real-world application to enhance your career in cybersecurity. #### Topics - cyber_education article https://land.fortmesa.com/the-ultimate-guide-to-giac-certifications false ### ISO 27000: The Global Standard for Information Security Explore the ISO 27000 series, the global standard for information security management, and learn how it enhances cybersecurity and compliance for organizations worldwide. #### Topics - cyber_education article https://land.fortmesa.com/iso-27000-the-global-standard-for-information-security false ### The Evolution of CompTIA Certifications Explore the evolution of CompTIA certifications, their significance in IT and cybersecurity careers, and the future of accessible learning for professionals at all levels. #### Topics - cyber_education article https://land.fortmesa.com/the-evolution-of-comptia-certifications false ### A Guide to ISC2 Certifications Explore ISC2 certifications to enhance your cybersecurity career, from entry-level to expert credentials, and validate your skills for top industry roles. #### Topics - cyber_education article https://land.fortmesa.com/a-guide-to-isc2-certifications false ### Cybersecurity Certifications for Individuals Explore essential cybersecurity certifications to validate your skills, enhance your career, and meet the growing industry demand for qualified professionals. #### Topics - cyber_education all-in-one_guide https://land.fortmesa.com/cybersecurity-certifications-for-individuals false ### Side-Channel Attacks: The Hidden Cybersecurity Threat You Didn’t See Coming Explore ISC2 certifications to enhance your cybersecurity career, from entry-level to expert credentials, and validate your skills for top industry roles. #### Topics - cyber_education article https://land.fortmesa.com/side-channel-attacks false ### Understanding Rainbow Tables Learn how rainbow tables work, why they are effective against weak hashing, and discover strategies to defend against these attacks for better cybersecurity. #### Topics - cyber_education article https://land.fortmesa.com/understanding-rainbow-tables false ### The Birthday Attack: Exploiting Probability in Cryptography Learn about the birthday attack in cryptography, how it exploits hash collisions, and discover effective strategies to defend against this significant cybersecurity threat. #### Topics - cyber_education article https://land.fortmesa.com/the-birthday-attack false ### The Fundamentals of Encryption Explore the fundamentals of encryption, including symmetric and asymmetric methods, their applications, and the critical role they play in cybersecurity. #### Topics - cyber_education article https://land.fortmesa.com/the-fundamentals-of-encryption false ### Download SP Security Cross-Sell EBOOK Discover how to enhance your MSP growth with in-house advanced security services, driving profit through effective bundling and pricing strategies. #### Topics - service_delivery e-book https://land.fortmesa.com/download-sp-security-cross-sell false ### Learn About Security Teams Build effective security teams by understanding key roles, fostering stakeholder buy-in, and implementing a strong security culture to combat cyber threats. #### Topics - security_practices article https://land.fortmesa.com/learn-about-security-teams false ### Navigating the 2026 Regulatory Landscape Prepare for 2026 audits with our Regulatory Landscape guide. Discover actionable steps to navigate CMMC Phase 2, FTC Safeguards, and state breach laws. #### Topics - security_practices - cyber_education all-in-one_guide https://land.fortmesa.com/2026-regulatory-landscape false ### Download The Cyber Claim Readiness Checklist Ensure your cyber insurance claim is approved by understanding essential requirements. #### Topics - cyber_insurance all-in-one_guide https://land.fortmesa.com/download-cyber-readiness-checklist false --- # FortMesa Marketplace _Marketplace_ Find your tech vendor Find a vendor by CIS Control Find a vendor by NIST CSF Browse our curated marketplace of cybersecurity vendors and service partners. Explore vetted partners mapped to the CIS Critical Security Controls. Explore vetted partners mapped to the NIST Cybersecurity Framework. Join Marketplace https://land.fortmesa.com/marketplace-partner-application ## Framework Tabs All vendors By CIS By NIST CSF ## Filters Search vendor… All categories All territories All CIS Controls All NIST functions Showing vendors ## Grid No vendors match the selected filters. View profile ## Categories - General IT & Cloud Services - Security Assessment & Consulting - Threat Detection & Incident Response - Core Cybersecurity & Network Defense - Data Privacy, Identity & Compliance - Training, Staffing & Professional Services ## Territories - **North America** · **Id:** NA - **Latin America** · **Id:** LATAM - **Europe, Middle East & Africa** · **Id:** EMEA - **Asia Pacific (excl. ANZ)** · **Id:** AP - **Australia & New Zealand** · **Id:** ANZ ## Cis Controls - **Inventory and Control of Enterprise Assets** · **Id:** 1 - **Inventory and Control of Software Assets** · **Id:** 2 - **Data Protection** · **Id:** 3 - **Secure Configuration of Enterprise Assets and Software** · **Id:** 4 - **Account Management** · **Id:** 5 - **Access Control Management** · **Id:** 6 - **Continuous Vulnerability Management** · **Id:** 7 - **Audit Log Management** · **Id:** 8 - **Email and Web Browser Protections** · **Id:** 9 - **Malware Defenses** · **Id:** 10 - **Data Recovery** · **Id:** 11 - **Network Infrastructure Management** · **Id:** 12 - **Network Monitoring and Defense** · **Id:** 13 - **Security Awareness and Skills Training** · **Id:** 14 - **Service Provider Management** · **Id:** 15 - **Application Software Security** · **Id:** 16 - **Incident Response Management** · **Id:** 17 - **Penetration Testing** · **Id:** 18 ## Nist Controls - **Organizational Context** · **Id:** GV.OC - **Risk Management Strategy** · **Id:** GV.RM - **Roles, Responsibilities, and Authorities** · **Id:** GV.RR - **Policy** · **Id:** GV.PO - **Oversight** · **Id:** G.OV - **Cybersecurity Supply Chain Risk Management** · **Id:** GV.SC - **Asset Management** · **Id:** ID.AM - **Risk Assessment** · **Id:** ID.RA - **Improvement** · **Id:** ID.IM - **Identity Management, Authentication, and Access Control** · **Id:** PR.AA - **Awareness and Training** · **Id:** PR.AT - **Data Security** · **Id:** PR.DS - **Platform Security** · **Id:** PR.PS - **Technology Infrastructure Resilience** · **Id:** PR.IR - **Continuous Monitoring** · **Id:** DE.CM - **Adverse Event Analysis** · **Id:** DE.AE - **Incident Recovery Communication** · **Id:** RC.CO - **Incident Recovery Plan Execution** · **Id:** RC.RP - **Incident Analysis** · **Id:** RS.AN - **Incident Response Reporting and Communication** · **Id:** RS.CO - **Incident Management** · **Id:** RS.MA - **Incident Mitigation** · **Id:** RS.MI --- # Workshops in Cyber Cybersecurity Workshops --- # Roundtable ### MSP Cyber Roundtable Live on Fridays Join our host and industry guests for a deep-dive discussion and live Q&A exploring exactly how MSPs can become more profitable by upgrading their security offerings. When Fridays @ 2:30 PM US Eastern Hosted by Matthew Fisch CEO / Founder at FortMesa _Tune In_ ### Choose how you want to tune in ### Options - **Follow on LinkedIn** — To get notified for live events. · **Url:** https://www.linkedin.com/company/fortmesa/ · **Cta:** Follow - **Subscribe on YouTube** — Stream on your schedule. · **Url:** https://www.youtube.com/@FortMesa · **Cta:** Subscribe - **Listen on Spotify** — Listen to episodes anywhere. · **Url:** https://open.spotify.com/show/1DkpylPJpul1S0NQVaK35T · **Cta:** Listen _Library_ ### Roundtable Library Watch full library on YouTube https://www.youtube.com/@FortMesa/streams ## Episodes - **Control AI Agent Costs with the L1-L3 Staffing Model** · **Date:** May 1st, 2026 · **Url:** https://www.youtube.com/live/OSGMuvZY8v8 - **Boost Co-Managed Security by Sharing Best Practices Across Teams** · **Date:** March 20th, 2026 · **Url:** https://www.youtube.com/live/Sg4GsjWw8TU - **Security Awareness Training Without the Eye Rolls** · **Date:** February 13th, 2026 · **Url:** https://www.youtube.com/live/wdZmzsI02Fo - **Why Tabletop Exercises Make MSPs Indispensable to Their Clients** · **Date:** January 30th, 2026 · **Url:** https://www.youtube.com/live/JS-bXwiQtlQ - **GTIA Cybersecurity Trustmark v2 Practical Guidance** · **Date:** November 14th, 2025 · **Url:** https://www.youtube.com/live/k8S7jXTZ0l0 - **Prospecting: It's Hard Because It's Simple** · **Date:** November 7th, 2025 · **Url:** https://www.youtube.com/live/aiXmXZXbC28 - **Unexpected Labor Impacts of AI** · **Date:** October 31st, 2025 · **Url:** https://www.youtube.com/live/43Ni561SCLU - **Proactive Tools and Practices in the Cyber Compliance Cycle** · **Date:** October 24th, 2025 · **Url:** https://www.youtube.com/live/ozGUx9mI62s - **Unlocking Hidden Revenue in Client Accounts** · **Date:** September 26th, 2025 · **Url:** https://www.youtube.com/live/oqt6U9ZVJvI - **Penetration Testing Part 2: Data & Business Applications** · **Date:** September 19th, 2025 · **Url:** https://www.youtube.com/live/EPZEXrhAOwg - **The AI Survivors Guide for IT Service Providers – Part I: Brace For Impact** · **Date:** September 12th, 2025 · **Url:** https://www.youtube.com/live/i3y3FIUICLY - **The Cyber Hygiene Lifecycle** · **Date:** September 5th, 2025 · **Url:** https://www.youtube.com/live/iJhMDL31abE - **Penetration Testing Part 1: Networks, Endpoints & Perimeter** · **Date:** August 29th, 2025 · **Url:** https://www.youtube.com/live/SHsVeEE0pG4 - **Cyber Risk in the Retail Space** · **Date:** August 19th, 2025 · **Url:** https://www.youtube.com/live/HVAWNTq5lxA - **SIM Swapping: Why Your Phone Number Isn't Safe** · **Date:** July 25th, 2025 · **Url:** https://www.youtube.com/live/m8iLbuP33qY --- # Trustmark _The Trustmark_ ### Communicate Trust in a Moment Discover the FortMesa Trustmark for end-client organizations. _The Problem_ In today's landscape, clients demand concrete proof of your security posture. Simply claiming you are secure is no longer sufficient. Good security is invisible . Until you need to prove it. ## Pain Points - **Unseen Efforts** — Critical security work goes unrecognized by the market and prospects. - **Deal Friction** — Manual audits and endless questionnaires stall your sales cycle. - **Stakeholder Doubt** — Lack of independent assurance delays trust and partner engagement. _The Mechanism_ ### The Path to Attestation Organizations earn the Trustmark through active engagement with our platform and adherence to security processes. Achieve third-party attestation of compliance with the FortMesa Trustmark guidelines in 30 days or less . FortMesa Trustmark certification badge _The Deliverables_ ### Get Trustmark Certified A badge and certificate indicating commitment to security and engagement with FortMesa. Sanitized certificates and web embeddable security badge on tap. Access pre-vetted technologies, products and services from our platform partners to further secure your systems. redrockshop.example.com The Red Rock Shop Welcome to our shop. We prioritize your security. Org: FortMesa, Inc. Validity: Dec 31 2020 Verify: 63b0cc5645 Certified participants can display an HTML embed on their website or applications to signify their ongoing commitment to security. _Documentation_ ### Certificate of Attestation A third-party endorsed Certificate of Attestation can help assure others of your commitment. These documents often satisfy due diligence requests from partner organizations. Example FortMesa Trustmark Certificate of Attestation _Guidelines_ ### The Trustmark Program We award organizations who have demonstrated a dedication to the process of security with the FortMesa Trustmark Badge and Certificate of Attestation. These endorsements certify that the named organization has committed itself to our program and is actively engaged with our platform. Organizations who fail to adequately participate do not qualify to retain the FortMesa Trustmark. Requirements ### Requirements - Badge may only be displayed using our real-time embedded validation API. - Trustmark may be revoked at any time and at our sole discretion. - Agreement to comply with on-demand spot audits by FortMesa analysts. - Active engagement with the FortMesa platform within the last 30 days. - A current and valid security program charter is endorsed and on file. Organizations participating in the FortMesa platform are provided with a guided roadmap of industry best practices intended to manage most cyber security risk. Participants engage in a combination of self and assisted audit and FortMesa retains no liability for losses, errors, omissions or unmanaged risks in the participants' security program. Trustmark program is not intended to be interpreted as an endorsement regarding the veracity of self assessed security posturing nor does FortMesa validate organizational authorization. Request Trustmark Access na1 ed309bf1-ebbe-499d-a1b4-91763c3652f3 5301360 https://js.hsforms.net/forms/embed/5301360.js Already a FortMesa partner? Open a success ticket https://partner.fortmesa.com/tickets-view/new to activate your Trustmark. --- # About FortMesa _About FortMesa_ ### Securing the IT Channel We simplify cybersecurity delivery, fortify systems, and empower service providers to navigate compliance and scale their businesses. _Our Story_ ### Why We Founded FortMesa We help partners win high-value deals and scale revenue through formalized cyber compliance. ### Paragraphs Service providers protect critical business infrastructure, but shifting regulations and strict insurance demands force them to become compliance experts overnight. Founded in 2019, FortMesa ensures no provider carries this burden alone, turning compliance friction into opportunities for security, trust, and revenue growth. _Team_ ### Leadership #### Matthew Fisch, CISSP Co-Founder, CEO https://www.linkedin.com/in/matthewfisch/ #### Danny Swett Co-Founder, Technical Product Architect https://www.linkedin.com/company/27221861/admin/ #### Lizbeth Garcia Marketing and Success Director http://linkedin.com/in/lizbeth-garcia-rizo #### Wayne Miller Advisory Board Chair https://www.linkedin.com/in/wayne-miller-08836b49/ #### Robert Carselle Advisory Board Member https://www.linkedin.com/in/robcarselle/ _Values_ ### Our Values Core principles that guide how we support our partners. ### Items - We always put our partners first. - Our platform is backed by proven frameworks. - We help partners win high-value deals. - We prioritize practical security over paperwork. - We act as an expert extension of your team. - We remain dedicated to a channel-only model. _Backed By_ ### Vested Advisory Strategic partners invested in our mission to secure the IT channel. #### Mach37 Cyber Accelerator #### Cutting Edge Capital --- # Contact FortMesa ### Get in Touch ### Headquarters FortMesa, Inc. ### Address Lines PO BOX 262 Spencertown, NY 12165 ### Direct Contact ### Links - **+1 518 444 4181** — tel:+15184444181 - **sales-ops@fortmesa.com** — mailto:sales-ops@fortmesa.com ### Social ### Links - **LinkedIn** · **External:** true — https://www.linkedin.com/company/fortmesa - **YouTube** · **External:** true — https://www.youtube.com/channel/UCinufyqtt5FLIkBPjwZ1n3g - **Spotify** · **External:** true — https://open.spotify.com/show/1DkpylPJpul1S0NQVaK35T _Partner Support_ ### Already a FortMesa partner? Get rapid assistance, access your portal, or manage your technical issues instantly. ### Cards - **Success Team** — Contact our success team to support your specific needs. · **Cta:** Connect — https://partner.fortmesa.com/contact-success - **FortMesa Portal** — Login to manage your clients, view analytics, and more. · **Cta:** Access — https://partner.fortmesa.com/ - **Issue Ticketing** — Report technical bugs, feature requests, or system issues. · **Cta:** Create Issue — https://partner.fortmesa.com/tickets-view/new --- # Press FortMesa Pressroom --- # Careers at FortMesa _Careers_ Work with Advance your cybersecurity career with FortMesa—empowering IT providers to lead with confidence. _About_ ### About FortMesa ### Paragraphs FortMesa, established in 2019, offers a channel-only solution designed to simplify cybersecurity service delivery worldwide. Our cutting-edge software empowers service providers to effortlessly own their customer's cybersecurity roadmap. We focus on making service delivery, evidencing, and planning easy, allowing our partners to grow customer trust, fortify systems, and navigate cyber compliance seamlessly. FortMesa's platform is the key to building and scaling successful cyber businesses. Join us and redefine cybersecurity service delivery for a more secure digital future. Learn more about the team /about _What drives us_ ### Our Core Values The principles that shape how we build, partner, and grow together. ### Items - **Diversity** — Embracing and celebrating a diverse and inclusive culture, recognizing the strength it brings to our startup environment. - **Commitment to Partners** — Devoted to the success and growth of our partners, fostering strong relationships built on trust and collaboration. - **Team Commitment** — Nurturing a supportive and engaging environment for our team, encouraging their professional development and well-being. - **Collaboration** — Fostering a collaborative atmosphere where teamwork is valued, and collective efforts drive innovation and success. - **Education and Awareness** — Committed to continuous learning and awareness-building, both internally and externally. _How it works_ ### Application Process ### Steps - Read the job descriptions available on our website. - Click the "Apply" button if the position aligns with your skills. - Fill out the form. There are no right or wrong answers. - Submit your application. - Our team will review your application. If eligible, we'll reach out for next steps. _Open Roles_ ### Find your next role Worldwide. Remote. Bring your craft to a mission that matters. ### Filters - All - Marketing - Software Engineering - Sales - Human Resources - Customer Success Worldwide Remote Apply No open roles in this category right now. ### Welcome to your next professional adventure Have questions or want to introduce yourself before applying? We'd love to hear from you. Contact us /contact ## Listings - **Release / Quality Engineer** — Lead meticulous release planning, collaborate with cross-functional teams, and ensure software quality through robust processes and testing. · **Department:** Software Engineering · **Url:** https://land.fortmesa.com/release-quality-engineer - **Software Architect** — Lead the design and evolution of our cybersecurity platform. Guide architectural decisions, manage SCRUM processes, and translate business requirements. · **Department:** Software Engineering · **Url:** https://land.fortmesa.com/software-architect - **Product Engineer** — Bridge the gap between product management and technical implementation, collaborating with architects, developers, and QA engineers. · **Department:** Software Engineering · **Url:** https://land.fortmesa.com/product-engineer - **Marketing Coordinator** — Collaborate with cross-functional teams to execute campaigns, manage digital and social media presence, and create compelling content. · **Department:** Marketing · **Url:** https://land.fortmesa.com/marketing-coordinator - **Director of Marketing** — Steer the development and execution of comprehensive marketing strategies. · **Department:** Marketing · **Url:** https://land.fortmesa.com/director-of-marketing - **VP of Marketing** — Develop and execute high-impact marketing strategies. · **Department:** Marketing · **Url:** https://land.fortmesa.com/vp-of-marketing - **Digital Marketing Associate** — Optimize CRM data quality, refine customer segmentation, and support targeted digital marketing initiatives. · **Department:** Marketing · **Url:** https://land.fortmesa.com/digital-marketing-associate - **Sales Engineer** — Act as technical advisor working closely with the sales team to understand the unique challenges of our partners and prospects. · **Department:** Sales · **Url:** https://land.fortmesa.com/sales-engineer - **Sales Development Representative** — Become the front lines of FortMesa's sales efforts, generating and qualifying leads through proactive outreach. · **Department:** Sales · **Url:** https://land.fortmesa.com/sales-development-representative - **VP of Sales** — A key executive leader responsible for developing and executing high-impact sales strategies. · **Department:** Sales · **Url:** https://land.fortmesa.com/vp-of-sales - **Business Development Representative** — Advance FortMesa's growth strategy by identifying, cultivating, and securing strategic partnerships. · **Department:** Sales · **Url:** https://land.fortmesa.com/business-development-representative - **Human Resources Manager** — Lead the charge in developing and executing HR strategies that support FortMesa's people and culture. · **Department:** Human Resources · **Url:** https://land.fortmesa.com/human-resources-manager - **VP of HR and Culture** — Senior executive leader shaping and executing HR and culture strategies for a diverse, high-performing global team. · **Department:** Human Resources · **Url:** https://land.fortmesa.com/vp-of-hr-and-culture - **Director of Customer Success** — Build and strengthen trusted relationships with FortMesa's customers to support long-term engagement and success. · **Department:** Customer Success · **Url:** https://land.fortmesa.com/director-of-customer-success - **VP of Customer Success** — Executive leader developing and executing high-impact customer success strategies that drive retention and growth. · **Department:** Customer Success · **Url:** https://land.fortmesa.com/vp-of-customer-success - **Coordinator of Customer Success** — Foundational member of the customer success team, driving customer satisfaction, engagement, and long-term retention. · **Department:** Customer Success · **Url:** https://land.fortmesa.com/customer-success-coordinator --- # Request a Demo — Organization **Request Demo** This page renders a two-column layout: pitch content on the left, a scheduling form (Calendly + HubSpot) on the right, with partner testimonials below. The pitch content shown depends on the visitor's timezone — US/Americas visitors see the Standard variant; visitors in Asia/Pacific timezones (Asia/*, Australia/*, Pacific/Auckland, Pacific/Fiji, Pacific/Guam, Pacific/Port_Moresby) see the Executive Briefing variant. These are alternate views of the same page, not sections that appear together. ## Standard variant (US/Americas visitors) ### Prove Your Security and Win More Deals. Replace technical fear with independent validation that gives your board absolute confidence and gives IT a clear compliance plan. What we will cover in your 45-minute briefing: - Pass customer due diligence effortlessly by proving your safe vendor status using our formalized GRC engine. - Bridge the gap between technical operations and executive requirements by translating cyber needs into clear business outcomes. - Justify IT budgets and get approvals faster through an independent assessment that stops your team from marking their own homework. ## Executive Briefing variant (Asia/Pacific visitors) ### Executive Briefing. It looks like you're outside US/Americas timezones, request a personalized meeting window? What we'll cover in your specialized session: - Pass customer due diligence effortlessly by proving your safe vendor status using our formalized GRC engine. - Bridge the gap between technical operations and executive requirements by translating cyber needs into clear business outcomes. - Justify IT budgets and get approvals faster through an independent assessment that stops your team from marking their own homework. ## Scheduler Prefer standard US hours? View our regular calendar instead ## Partner Testimonials - **Partner, First Tracks Technology** — We were pretty good at patching, antivirus and EDR and were just starting to get intimidated by compliance and frameworks. A trusted advisor pointed us toward FortMesa... it was an immediate win. - **CEO, Infoprotect UK** — FortMesa plays a crucial role in supporting Infoprotect's business strategy by delivering adaptive vulnerability management and cyber risk assessments. This enables Infoprotect to ensure our clients stay ahead of threats and maintain compliance with industry standards. - **Partner, RIZQ** — At RIZQ we leverage FortMesa's position of trust in the industry to provide clarity around cyber security compliance issues. They have been instrumental in driving the value proposition for outsourcing advanced cyber security monitoring and administration. --- # Request a Demo — Service Provider **Request Demo** This page renders a two-column layout: pitch content on the left, a scheduling form (Calendly + HubSpot) on the right, with partner testimonials below. The pitch content shown depends on the visitor's timezone — US/Americas visitors see the Standard variant; visitors in Asia/Pacific timezones (Asia/*, Australia/*, Pacific/Auckland, Pacific/Fiji, Pacific/Guam, Pacific/Port_Moresby) see the Executive Briefing variant. These are alternate views of the same page, not sections that appear together. ## Standard variant (US/Americas visitors) ### See FortMesa in Action. Build your cybersecurity business, simplify compliance, and win client trust. See how top partners use FortMesa to formalize cyber compliance, win trust, and grow revenue. In this 45-minute session, we'll show you how to: - Rightsize security investments and navigate industry requirements with absolute confidence. - Boost your sales by leveraging our specialized channel-first partner training. - Explore the platform to see what your custom tenancy will look like after you become a partner. ## Executive Briefing variant (Asia/Pacific visitors) ### Executive Briefing. It looks like you're outside US/Americas timezones, request a personalized meeting window? What we'll cover in your specialized session: - Rightsize security investments and map client needs to industry regulations on your own schedule. - Grow your business by leveraging our specialized channel-first partner training. - Explore the platform to see what your custom tenancy will look like after your partner application. ## Scheduler Prefer standard US hours? View our regular calendar instead ## Partner Testimonials - **Partner, First Tracks Technology** — We were pretty good at patching, antivirus and EDR and were just starting to get intimidated by compliance and frameworks. A trusted advisor pointed us toward FortMesa... it was an immediate win. - **CEO, Infoprotect UK** — FortMesa plays a crucial role in supporting Infoprotect's business strategy by delivering adaptive vulnerability management and cyber risk assessments. This enables Infoprotect to ensure our clients stay ahead of threats and maintain compliance with industry standards. - **Partner, RIZQ** — At RIZQ we leverage FortMesa's position of trust in the industry to provide clarity around cyber security compliance issues. They have been instrumental in driving the value proposition for outsourcing advanced cyber security monitoring and administration. --- # Terms of Service _Last updated: July 16th, 2024._ ## Terms of Service ### Terms of Service Summary Changelog (2024-07-16) The following summary highlights are intended for informational purposes only. Terms are further defined herein, see below. #### Ownership & Access ##### Items - **Customer Data Ownership:** The Customer, as the Information System Owner, holds ownership of data they input. - **License to Use Data:** Customers grant us a license to use their data to support our platform. - **Data Management:** Customers are responsible for all data management. - **User Access:** Customers are responsible for managing user access. #### Security and Data Management ##### Items - **User Authentication:** Customers manage passwords and account security. - **Authorization Records:** Customers must maintain accurate authorization lists. - **Accounting Records:** We keep usage records, which are our property but may be available to Customers. #### Platform Licensing ##### Items - **Platform Ownership:** We own all services and components of our platform. - **Use License:** We grant a non-transferable license for platform use to customers. - **Feedback:** Product feedback provided becomes exclusive property of Us, including all associated intellectual property rights. #### Availability and SLA ##### Items - **1000% SLA Guarantee:** Service credits are available for unplanned downtime of our proprietary platform. - **Availability Warranty:** We reserve the right to alter services and do not guarantee availability or fitness for any purpose. #### FortMesa Marketplace ##### Items - **Vendor Collaboration:** We partner with vendors to offer complementary products. - **Warranty and Support:** These products are sold “as-is,” with no warranties or support from us. #### Confidentiality ##### Items - **Definition:** Confidential information is proprietary unless specified otherwise. - **Use Restrictions:** Confidential information must be protected and used only for contract purposes. - **Survival:** Confidentiality obligations continue after the agreement ends. - **Remedies:** Breach of confidentiality entitles the owner to injunctive relief and damages. #### Orders & Payment ##### Items - **Orders:** Customers are responsible for User usage. - **Terms:** Invoices are due immediately. Unpaid balances may accrue interest and result in service downgrades or data deletion. - **Taxes:** Fees exclude taxes unless otherwise stated. #### Term and Termination ##### Items - **Renewal:** The agreement renews automatically until terminated. - **Termination:** Either party can terminate with 30 days’ notice. Obligations continue post-termination. #### Liability and Indemnification ##### Items - **Limitation:** Liability is limited to fees paid in the prior 12 months. - **Indemnification:** Each party will defend and hold the other harmless from specific claims. - **Special Damages:** Neither party is liable for special or consequential damages. - **Force Majeure:** Neither party is liable for failure to perform due to uncontrollable factors. #### General Provisions ##### Items - **Independence:** This agreement does not create a partnership or employment relationship. - **Notices:** Must be sent via email or certified post. - **Governing Law:** Governed by New York State laws with disputes handled in specific courts. - **Assignment:** Requires written consent from both parties. - **Supersession:** This agreement replaces all prior agreements. **Policy:** Usage of our services is also subject to our [privacy policy](/privacy). ### Terms of Service ### Introduction and Agreement These Terms form a binding contract between FortMesa, Inc. (“FortMesa,” “We,” “our,” or “us”) and You, the Customer and User. “Platform” or “Services” refer to any web property, software application, professional services, or communications provided by us. #### Platform and Scopes Our products enable Customers to manage multiple instances of our software (“Scopes”), each representing an individual security boundary, even if the Customer remains the same. Users may be associated with multiple Scopes or even multiple Customers. #### Acceptance of Terms By logging into our platform, using our services, or accepting an invitation to join a Customer’s Scope, you agree to these Terms for both yourself and the Customer. You acknowledge and understand all current and future Terms posted on our website. We will notify you of any changes; if you continue to use our platform or request removal of your Scope within 14 days of notification, you accept the revised Terms. Ensure you are authorized to accept these Terms before proceeding. ### Data Ownership & Management #### Customer Ownership The Customer, identified as the Information System Owner (“Scope Owner”) on our platform, holds all ownership rights. Users, including time-limited consultants, managed services contractors, or value-added resellers, act on behalf of the Scope Owner as per NIST publication SP800-18. The Customer owns all data created, input, or imported by Users. #### User Access The Customer can assert ownership or revoke User access at any time. We retain the right to interpret Scope Owner definitions and determine Customer identity. If you use a corporate email domain owned by a Customer, we may at our option assume you own it and are authorized to represent the Customer. #### Data Management Customers can create, read, update, or delete data created by the User. Customers are responsible for managing User access to data by inviting, granting, suspending, or removing them via the FortMesa platform. Customers are informed that it is their responsibility to maintain copies or back up all platform data. #### License to Use Customer Data The Customer grants us a non-exclusive, worldwide, term-restricted license to use, copy, process, distribute, or export all Customer data for providing, maintaining, improving, and supporting our Platform. This license remains effective as long as Customer Scopes are provisioned for use. ### Security and Data Management #### User Authentication FortMesa does not manage User authentication data such as passwords. The Customer is solely responsible for managing passwords, account security features, and User access to our Platform. #### Authorization Records While we maintain authorization lists within our application, the Customer must review, amend, correct, or remove authorization records for their provisioned Scopes. We do not guarantee the accuracy or integrity of these lists, except for ensuring that Your Scope is restricted to Your associated Users. #### Accounting Records We may record and maintain extensive accounting records of product usage. You accept full responsibility for auditing these records. Although we strive for comprehensive reporting, our accounting reports may not always be exhaustive or complete. #### Accounting Retention & Ownership All accounting records are retained according to our internal policies, potentially including permanent storage. These records are solely our property and are not considered Customer data. They are not subject to the same removal policies or confidentiality agreements as Customer-provisioned data. ### Platform Licensing We own all services, software components, and processes utilized by our Platform. We grant the Customer a non-transferable, non-exclusive, non-assignable, term-restricted license to use our Platform. This license is intended for the Customer and User solely for using our Services. We retain all rights not explicitly stated herein. #### Platform Feedback We value Feedback and use it to enhance our platform. By providing Feedback, You agree it becomes our exclusive property. You assign all worldwide rights, including copyrights, trademarks, patents, and other intellectual property rights, to us, including rights to any derived works or improvements based on the Feedback. ### Availability and Service Level Agreement (SLA) #### 1000% SLA Guarantee If we acknowledge fault for unplanned downtime of our proprietary Platform or System without prior notification, Customers can request a service credit within 30 days of the incident. The credit will be ten times the prorated service charge for the outage period, up to one month’s service credit per impacted month. This guarantee applies only to incidents created by failure of FortMesa’s Platform or System and excludes third-party platform infrastructure failures. #### Availability Warranty We reserve the right to disable functions, de-provision services, remove data, or suspend access at our discretion. You waive all rights to implied, inferred, or explicit warranties regarding availability or fitness for any purpose and any claims for incidental, special, or consequential damages related to availability or fitness failures of our product or Platform. ### FortMesa Marketplace #### Vendor Collaboration We collaborate with top vendors to offer the FortMesa Marketplace, a curated collection of products and solutions that complement our platform. #### Marketplace Warranty and Support While we endorse these solutions, we do not provide warranties or support for them, nor guarantee their merchantability or performance. Resold products from the FortMesa Marketplace are sold “as-is.” Customers should direct any issues with these products to the original manufacturer, distributor, or provider. ### Confidentiality #### Definition of Confidential Information “Confidential Information” includes all information disclosed by the Data Owner to the Data Recipient during this Agreement, in any form. It does not include information that: - Was already known to the Data Recipient at the time of disclosure, as evidenced by documentation. - Becomes publicly known through no wrongful act of the Data Recipient. - is material provided to Customer as a professional services deliverable pursuant to the Agreement; - Is designated as non-confidential by written consent of the Data Owner. - Is independently developed by the Data Recipient, as evidenced by documentation. - Must be disclosed by the Data Recipient due to a court order or governmental requirement, provided the Data Owner is notified and given a chance to seek a protective order. - Is retained for data aggregation by FortMesa, provided it is de-identified before use or disclosure. #### Ownership and Return of Confidential Information All Confidential Information remains the property of the Data Owner unless otherwise specified. Confidential Information must be returned or destroyed within 30 days of a written request or the termination of this Agreement. The Data Recipient may retain Confidential Information only if required by law or regulation. #### Use and Disclosure Restrictions The Data Recipient shall: - Not disclose Confidential Information to anyone except employees or subcontractors who need to know and are bound by these confidentiality terms. - Use Confidential Information solely for the purpose of this contract. - Exercise at least the same degree of care to protect Confidential Information as it does for its own confidential information, and at a minimum, exercise reasonable care. - Store Confidential Information securely. - Be responsible for any unauthorized use or disclosure of Confidential Information by its employees, agents, or representatives. #### Survival of Confidentiality Obligations Confidentiality obligations remain in effect even after the termination of this Agreement for any Confidential Information disclosed before termination. #### Remedies for Breach In the event of a breach or threatened breach of this Confidentiality provision, the Data Owner is entitled to injunctive relief, in addition to any other legal or equitable remedies, including monetary damages. The parties acknowledge that Confidential Information is valuable and unique, and its disclosure would cause irreparable harm to the Data Owner. ### Orders & Payment #### Subscriptions and Orders All orders or subscriptions belong to Customers, not Users. Subscriptions based on User counts are tied to named Users associated with the Customer’s Scope. A User account may be linked to multiple Customer organizations or Scopes, requiring a subscription for each associated Customer Scope. Users may incur usage charges billable to Customers based on Scope Ownership. #### Payment Terms & Late Payment Invoices are due immediately unless stated otherwise. Unpaid balances may accrue an 18% APR default rate and may be sent to collections at our discretion. Failure to pay on time may lead to service downgrades or disablement. Non-payment could result in loss of service availability or deletion of Customer-owned data. #### Taxes Quoted fees exclude taxes such as VAT, sales tax, or use tax, unless stated otherwise. ### Term and Termination #### Period & Renewal This Agreement will automatically renew until terminated by either party. #### Termination Either party may terminate this Agreement at any time with at least 30 days notice. Rights and obligations under this Agreement will continue after termination and bind the parties, their legal representatives, successors, heirs, and assigns. ### Liability and Indemnification #### Liability Limitation Except where otherwise stated, the liability of both the Customer and FortMesa is limited to the cumulative subscription and non-FortMesa Marketplace order fees paid in the prior twelve (12) months. #### Indemnification Each Party agrees to indemnify, defend, and hold harmless the other Party, along with its officers, directors, employees, and agents, from all claims, damages, liabilities, costs, or expenses arising from: - A Party’s material breach of this Agreement. - Supplying information or materials that infringe on any third party’s Intellectual Property Rights. - Any actions taken or permitted by the other Party in good faith based on information received from the Party in connection with the Agreement’s performance obligations and responsibilities. Intellectual Property Rights include all patent, copyright, trademark, trade secret, Internet domain name, and other intellectual and intangible property rights. An indemnified party may choose its own counsel at its own cost. An indemnified party must approve any settlements related to indemnification. #### Exclusion of Special Damages Neither Party will be liable for special or consequential damages (including lost profits or savings) or incidental damages, even if they were informed of their possibility. #### Force Majeure A Party will not be considered in breach of this Agreement if their failure to perform any obligation is caused by factors beyond their reasonable control, such as governmental restrictions, labor disputes, emergencies, or other unavoidable causes, provided the Party exercised due care to avoid such issues. ### General Provisions #### Independence This Agreement shall not render FortMesa or its affiliates, officers, directors, employees, agents, or contractors (each, an “FortMesa Affiliate”), an employee, partner, agent of, or joint venture with the Customer for any purpose. A FortMesa affiliate is and will remain an independent contractor in their relationship to the Customer. #### Notices Notices to the Customer will use the organizational information recorded in the platform. Notices to FortMesa will use the contact method specified herein: - For administrative purposes all notices or contact attempts must be by email with a written confirmation by the recipient, or certified post with delivery receipt. - Email: [admin-ops@fortmesa.com](mailto:admin-ops@fortmesa.com) - USPS: FortMesa, Inc., PO Box 262, 60 Elm Street, Spencertown, NY 12165 #### Governing Law and Jurisdiction This Agreement is governed by New York State laws. Disputes will be exclusively handled by the courts in Albany or Columbia County, or the federal court in Albany if there is federal jurisdiction. Both parties consent to these courts’ jurisdiction and venue. #### Assignment, Waivers & Delays Neither party can assign this Agreement without the written consent of the other party. Any delay or failure to enforce the Agreement does not waive or limit the rights of either party. #### Supersession, Severability & Entire Agreement This Agreement replaces all prior arrangements, agreements, and understandings between the parties. If any part of this Agreement is found invalid or unenforceable, the rest of the Agreement remains valid and enforceable. This Agreement is the complete agreement between the parties and can only be amended in writing, signed by both parties. ### Policy Your usage of our website, platform, or service may make you subject to the terms of our privacy policy posted at [/privacy](/privacy). --- # Privacy Policy _Last updated: July 16th, 2024._ ## Privacy Policy ### Changelog The terms were most recently updated to increase clarity and make them easier to read and understand. ### Introduction In this Privacy Policy FortMesa, Inc. outlines how it collects, uses, and shares information about you and your organization. This policy covers data entered into FortMesa’s website or application and data collected through its platform. ### Scope of This Policy This Privacy Policy applies to all FortMesa services, web properties and software products. It does not govern data sent to third-party FortMesa Marketplace partners at your request. ### What We Collect #### Organizational Information Includes physical address, legal name, and administrative contact details. #### Personal Information Includes user names, email addresses, phone numbers, device identifiers, usage logs, IP addresses, geo-location data and other metadata. #### Security Engineering Metadata Information about your information infrastructure, security architecture, asset details, system owners, network addresses, and configuration-level information, which may include PII. #### Other Information Data from phone calls, emails, messaging, shared documents, or support requests. #### Cookies and Other Identifiers Used for authentication, authorization, accounting and analytic purposes, and may include third-party cookies. ### Information Usage Collected information is used for product functionality, development, support, account management, billing, communication, FortMesa marketing, and forensic purposes. De-identified or aggregated data usage is not restricted. Information usage may differ based on regionality of organization or user. ### Disclosure and Sharing Data collected by FortMesa may be disclosed or shared with third parties under the following circumstances: #### Customer Initiated Sharing Customers may choose to share data with FortMesa partners through the use of a customer configured account integration. Customers may also be introduced to FortMesa Marketplace Partners based on Customer intent or legitimate interest. #### FortMesa Business Processes Customer information may be shared with third parties under non-disclosure agreements and intended purpose restrictions solely for the purpose of FortMesa product/service delivery, customer support, and payment processing. #### Other Sharing Information may be shared for business planning (e.g., sales, dissolution, reorganization), compliance with legal requirements, or for enforcement, safety, and fraud prevention. ### Changes The policy may change periodically, with updates posted at [/privacy](/privacy). Continued use of services implies agreement to changes. ### Contact For questions or privacy requests, visit [/contact](/contact).