Platform · Atlas

Atlas

Security operations & compliance platform.

Unified security operations and compliance management for defense-adjacent organizations. Atlas consolidates asset management, incident command, CMMC compliance tracking, alert management, and runbook execution into one private deployment — on the customer’s infrastructure.

Overview

What Atlas Does

Atlas is a self-hosted security operations and compliance management platform designed for defense-adjacent organizations. It provides a unified environment for tracking assets, managing security incidents, ingesting events from external systems, tracking CMMC compliance practices, and executing documented response procedures — without depending on external SaaS services or third-party cloud infrastructure.

Where traditional tools fragment operational awareness across disconnected dashboards and siloed data stores, Atlas consolidates the full security picture into a single workspace. Incidents follow structured lifecycle workflows from detection through resolution. Alerts are triaged by severity, escalated to incidents with one action, and resolved through documented runbooks. Compliance practices are tracked across all 14 CMMC domains, with evidence files, assignment workflows, and direct export to POAM and SSP formats.

Atlas is built for environments where data sovereignty is non-negotiable, where compliance documentation must be continuous rather than periodic, and where the operational picture must be accurate, current, and accessible to authorized personnel at all times.

Modules

Core Modules

Asset Registry

Centralized asset registry covering servers, workstations, network devices, storage, and endpoints. Each asset carries classification, status, IP and MAC addressing, location, and full lifecycle state, with inline editing and an audit trail for every change.

Lifecycle Tracking · Classification

Incident Command

Structured incident lifecycle management across five stages: Open, Investigating, Contained, Resolved, and Closed. Severity classification, operator assignment, timeline tracking, resolution documentation, and direct linkage to raw events — all within a single command interface.

5-Stage Lifecycle · Severity Classification

Compliance Tracking

Continuous CMMC compliance management across all 14 practice domains. Each practice tracks implementation status, notes, evidence files, assigned owner, and target date. Export directly to POAM and SSP formats — the primary deliverables for CMMC assessment.

CMMC Domains · POAM & SSP Export

Alert Management

Security alert triage across five severity tiers — Critical, High, Medium, Low, and Info. Alerts are created manually or ingested from external systems via webhook. One-click status workflows (acknowledge, resolve, dismiss) and direct escalation to an incident keep the triage loop tight.

Severity Triage · Incident Escalation

Event Ingestion

Webhook-based event ingestion from external monitoring tools, SIEMs, and data pipelines. Ingested events carry source, category, severity, and raw payload — and can be linked to active incidents to build a complete forensic timeline.

Webhook Ingestion · Incident Linkage

Runbook Execution

Authored response procedures with live execution tracking. Runbooks define ordered steps — actions, decisions, verifications, and escalations — that operators check off in real time during an incident. Execution history records who completed each step, when, and with what notes.

Live Execution · Execution History

Architecture

Technical Specifications

Deployment

Self-hosted on customer infrastructure. No external cloud dependencies. Full operational control and data sovereignty remain with the deploying organization.

Database

MySQL with organization-level data isolation. Every record — assets, alerts, incidents, compliance practices, audit logs — is strictly scoped to the owning organization at the query layer.

Authentication

JWT-based sessions with TOTP two-factor authentication. Three-tier role-based access control — Admin, Analyst, and Viewer — enforced at every API endpoint. Sessions are invalidated immediately on password change or administrative action.

Webhook API

Authenticated webhook endpoint for programmatic ingestion of events, alerts, and incidents from external systems. Accepts structured payloads from SIEMs, monitoring tools, or custom pipelines with bearer token authorization.

Reporting

On-demand report generation in JSON and CSV. Formats include POAM (Plan of Action & Milestones), SSP (System Security Plan), asset inventory, and operational summary — designed for direct submission to CMMC assessors.

Multi-Org

Multi-organization architecture supports multiple independent tenants on a single deployment. Each organization operates in complete isolation — separate users, assets, incidents, compliance records, and audit logs.

Security

Security & Compliance

Data Sovereignty

Full data sovereignty with zero external SaaS dependencies. All data remains on customer-controlled infrastructure at all times.

Session Security

JWT sessions are validated on every request. Changing a password immediately invalidates all active sessions. Administrators can force-logout any user at any time. Login attempts are rate-limited by IP address.

Audit Logging

Comprehensive audit logging captures all significant operations — authentication events, configuration changes, data access, and administrative actions.

Workspace Isolation

Workspace-level data isolation ensures strict tenant separation. Users, assets, events, and configurations are scoped and enforced at every layer.

Get Started

Deploy Atlas in your environment

Atlas is available for deployment on customer infrastructure. Access the platform directly or request a guided demonstration to evaluate its capabilities against your security operations and compliance requirements.