Une tarification simple et transparente

Des forfaits de conformité GRC ainsi que des crédits de sécurité iASM à l'usage. Explorez gratuitement votre surface d'attaque — ne payez que lorsque vous agissez.

MensuelAnnuel (Économisez ~17 %)

Starter

For small teams starting their compliance journey with one framework.

$1,490/an

Save $298/yr

Démarrer l'essai gratuit
  • 1 compliance framework (SOC 2, ISO 27001, HIPAA, or PCI-DSS)
  • Up to 25 users
  • Automated audit progress tracking
  • Basic evidence upload & management
  • Document library (policies & procedures)
  • Monthly risk score report
  • External attack surface monitoring
  • Email support
  • 99.9% uptime SLA

Professional

Le plus populaire

For growing organizations managing multiple compliance frameworks with active security monitoring.

$6,990/an

Save $1,398/yr

30 iASM credits included

Démarrer l'essai gratuit
  • Up to 5 compliance frameworks
  • Up to 200 users
  • Cross-framework control mapping
  • Automated evidence harvesting (AWS, GitHub, Jira)
  • Executive reporting & risk trend charts
  • Vendor risk assessments
  • External & internal attack surface monitoring
  • iASM Starter pack included (30 credits)
  • Priority email & phone support
  • 99.99% uptime SLA
  • Dedicated compliance advisor

Business

For mid-market and multi-entity teams running many frameworks with active security operations.

$17,990/an

Save $3,598/yr

120 iASM credits included

Démarrer l'essai gratuit
  • Up to 15 compliance frameworks
  • Up to 1,000 users
  • Everything in Professional, plus:
  • iASM Standard pack included (120 credits)
  • BAS simulation runs included
  • SSO / SAML & advanced RBAC
  • Advanced executive reporting & full API access
  • Dedicated customer success manager
  • 24/7 priority support
  • 99.99% uptime SLA

Enterprise

Unlimited frameworks, white-label, partner reseller capabilities, and iASM credit bundles.

Custom

Contacter le service commercial
  • Unlimited compliance frameworks
  • Unlimited users & organizations
  • Partner / CISO Reseller dashboard
  • CPA audit engagement workflows
  • White-label branding for your clients
  • Post-paid partner billing ($99/framework/client/month)
  • iASM credits bundle (negotiated volume pricing)
  • BAS simulation included per contract
  • Full API access
  • 24/7 premium support with dedicated SLA
  • 99.999% uptime SLA
  • Custom MSA & on-premise deployment option

CISO & CPA Partner Billing

Partners who manage client organizations are billed post-paid on the 1st of each month. Each active client–framework enrollment is charged at $99/framework/month. No upfront commitment. Invoices are auto-generated and sent to the partner account.

Devenir partenaire →
🎁 Avantages partenaires

Avantages spéciaux pour les CISO et les CPA

Nous avons conçu CATAAM pour les praticiens qui font le travail difficile. Les partenaires bénéficient d'un traitement spécial — crédits, flexibilité de facturation et accompagnement concret pour remporter leurs premières missions clients.

🎁

100 Free iASM Credits

On activation

Every new CISO Reseller and CPA Partner account receives 100 iASM credits on activation — enough for 2 full AWS BAS runs or 20 connector sync+audit cycles.

💳

Post-Paid Billing — Zero Upfront

No upfront

Framework enrollments for client organizations are billed post-paid on the 1st of each month at $99/framework. No credit card required at sign-up.

📦

Volume Credit Discounts

3+ clients

Partners managing 3 or more active client organizations qualify for volume-discounted iASM credit bundles. Contact us to negotiate custom pricing.

🤝

Dedicated Onboarding Support

Included

CISO and CPA partners receive a dedicated compliance engineering contact for onboarding, training, and first client engagement setup.

Foire aux questions

What compliance frameworks does CATAAM support?
CATAAM supports SOC 2 (Security, Availability, Confidentiality, Processing Integrity, Privacy), ISO 27001 (Annex A & Clause 4+), HIPAA (Security & Breach Notification), PCI-DSS, NIST CSF, COBIT 5, and ITIL. New frameworks are added regularly.
What is iASM and how is it different from regular compliance?
Internal Attack Surface Management (iASM) discovers and maps your internal cloud infrastructure — AWS EC2, RDS, S3, Lambda, IAM roles, and more — then runs automated security audits and visualizes attack paths in a force-directed graph. Unlike compliance frameworks (which track controls), iASM actively identifies vulnerabilities in live infrastructure. It complements compliance by providing real-world evidence of your security posture.
What is Breach & Attack Simulation (BAS) and how much does it cost?
BAS simulates real adversary attack techniques against your environment. AWS BAS runs IAM privilege escalation, S3 ACL bypass, CloudTrail evasion, and EC2 metadata exposure checks — costing 15 credits per run. SSH BAS probes test brute-force resistance, cipher weaknesses, and lateral movement — costing 10 credits per run. Every finding maps to MITRE ATT&CK techniques and CVEs.
Is iASM free to use?
Yes — connecting cloud accounts, discovering assets, and browsing your attack surface graph is completely free. Credits are only consumed when you take active operations: connector sync + security audit (5 credits), manual audit (3 credits), AWS BAS simulation (15 credits), SSH BAS probe (10 credits), or attack path simulation (2 credits).
How does iASM credit pricing compare to competitors?
Commercial platforms like Qualys CSPM, Rapid7 InsightVM, and Tenable One charge $2,000–$5,500/month for equivalent iASM and BAS coverage. CATAAM's Standard pack (120 credits, $1,999) covers 4 full weekly cycles per month — the same scope at ~50% below the market median. The Professional pack (350 credits, $4,999) covers multiple client organizations simultaneously.
How does partner billing work for CISO Resellers?
When a CISO Reseller or CPA Partner enrolls a client organization in a framework, a billing event is recorded. On the 1st of each month, an invoice is automatically generated covering all active enrollments at $99/framework/month per client. Partners also receive 100 free iASM credits on account activation. Additional credits can be purchased by the partner or granted by the platform admin.
Can the platform admin grant credits to client organizations?
Yes. Platform administrators have an iASM Credits panel where they can grant any number of credits to any client organization with a reason note, or apply a discount (bonus credits) as a promotion or service compensation. This is separate from client-purchased credit packs.
Can I switch plans later?
Yes. Upgrades take effect immediately and you receive prorated access to new features. Downgrades take effect at the start of your next billing cycle. Switching from an individual plan to a Partner plan requires contacting our team to set up the partner context.
Is there a free trial?
Yes — all GRC plans include a 14-day free trial with no credit card required. iASM asset discovery and graph viewing are always free. Enterprise customers and new partners can request a custom demo and extended trial period.
What is your refund policy?
We offer a 30-day money-back guarantee for first-time Starter and Professional subscribers. iASM credit packs are non-refundable once credits have been consumed. See our full Refund Policy for partner billing disputes and enterprise terms.

Ready to run your first compliance framework?

Start with GRC at $99/framework/month, or explore your cloud attack surface for free — no upfront commitment required.

Get Started Now