Simple, Transparent Pricing
GRC compliance plans plus pay-as-you-go iASM security credits. Explore your attack surface free — pay only when you act.
Starter
For small teams starting their compliance journey with one framework.
$1,490/year
Save $298/yr
Start Free Trial- 1 compliance framework (SOC 2, ISO 27001, HIPAA, or PCI-DSS)
- Up to 25 users
- Automated audit progress tracking
- Basic evidence upload & management
- Document library (policies & procedures)
- Monthly risk score report
- External attack surface monitoring
- Email support
- 99.9% uptime SLA
Professional
Most popular
For growing organizations managing multiple compliance frameworks with active security monitoring.
$6,990/year
Save $1,398/yr
30 iASM credits included
Start Free Trial- Up to 5 compliance frameworks
- Up to 200 users
- Cross-framework control mapping
- Automated evidence harvesting (AWS, GitHub, Jira)
- Executive reporting & risk trend charts
- Vendor risk assessments
- External & internal attack surface monitoring
- iASM Starter pack included (30 credits)
- Priority email & phone support
- 99.99% uptime SLA
- Dedicated compliance advisor
Business
For mid-market and multi-entity teams running many frameworks with active security operations.
$17,990/year
Save $3,598/yr
120 iASM credits included
Start Free Trial- Up to 15 compliance frameworks
- Up to 1,000 users
- Everything in Professional, plus:
- iASM Standard pack included (120 credits)
- BAS simulation runs included
- SSO / SAML & advanced RBAC
- Advanced executive reporting & full API access
- Dedicated customer success manager
- 24/7 priority support
- 99.99% uptime SLA
Enterprise
Unlimited frameworks, white-label, partner reseller capabilities, and iASM credit bundles.
Custom
Contact Sales- Unlimited compliance frameworks
- Unlimited users & organizations
- Partner / CISO Reseller dashboard
- CPA audit engagement workflows
- White-label branding for your clients
- Post-paid partner billing ($99/framework/client/month)
- iASM credits bundle (negotiated volume pricing)
- BAS simulation included per contract
- Full API access
- 24/7 premium support with dedicated SLA
- 99.999% uptime SLA
- Custom MSA & on-premise deployment option
CISO & CPA Partner Billing
Partners who manage client organizations are billed post-paid on the 1st of each month. Each active client–framework enrollment is charged at $99/framework/month. No upfront commitment. Invoices are auto-generated and sent to the partner account.
Special Incentives for CISOs & CPAs
We built CATAAM for the practitioners who do the hard work. Partners get special treatment — credits, billing flexibility, and hands-on support to win their first client engagements.
100 Free iASM Credits
On activationEvery new CISO Reseller and CPA Partner account receives 100 iASM credits on activation — enough for 2 full AWS BAS runs or 20 connector sync+audit cycles.
Post-Paid Billing — Zero Upfront
No upfrontFramework enrollments for client organizations are billed post-paid on the 1st of each month at $99/framework. No credit card required at sign-up.
Volume Credit Discounts
3+ clientsPartners managing 3 or more active client organizations qualify for volume-discounted iASM credit bundles. Contact us to negotiate custom pricing.
Dedicated Onboarding Support
IncludedCISO and CPA partners receive a dedicated compliance engineering contact for onboarding, training, and first client engagement setup.
Frequently Asked Questions
- What compliance frameworks does CATAAM support?
- CATAAM supports SOC 2 (Security, Availability, Confidentiality, Processing Integrity, Privacy), ISO 27001 (Annex A & Clause 4+), HIPAA (Security & Breach Notification), PCI-DSS, NIST CSF, COBIT 5, and ITIL. New frameworks are added regularly.
- What is iASM and how is it different from regular compliance?
- Internal Attack Surface Management (iASM) discovers and maps your internal cloud infrastructure — AWS EC2, RDS, S3, Lambda, IAM roles, and more — then runs automated security audits and visualizes attack paths in a force-directed graph. Unlike compliance frameworks (which track controls), iASM actively identifies vulnerabilities in live infrastructure. It complements compliance by providing real-world evidence of your security posture.
- What is Breach & Attack Simulation (BAS) and how much does it cost?
- BAS simulates real adversary attack techniques against your environment. AWS BAS runs IAM privilege escalation, S3 ACL bypass, CloudTrail evasion, and EC2 metadata exposure checks — costing 15 credits per run. SSH BAS probes test brute-force resistance, cipher weaknesses, and lateral movement — costing 10 credits per run. Every finding maps to MITRE ATT&CK techniques and CVEs.
- Is iASM free to use?
- Yes — connecting cloud accounts, discovering assets, and browsing your attack surface graph is completely free. Credits are only consumed when you take active operations: connector sync + security audit (5 credits), manual audit (3 credits), AWS BAS simulation (15 credits), SSH BAS probe (10 credits), or attack path simulation (2 credits).
- How does iASM credit pricing compare to competitors?
- Commercial platforms like Qualys CSPM, Rapid7 InsightVM, and Tenable One charge $2,000–$5,500/month for equivalent iASM and BAS coverage. CATAAM's Standard pack (120 credits, $1,999) covers 4 full weekly cycles per month — the same scope at ~50% below the market median. The Professional pack (350 credits, $4,999) covers multiple client organizations simultaneously.
- How does partner billing work for CISO Resellers?
- When a CISO Reseller or CPA Partner enrolls a client organization in a framework, a billing event is recorded. On the 1st of each month, an invoice is automatically generated covering all active enrollments at $99/framework/month per client. Partners also receive 100 free iASM credits on account activation. Additional credits can be purchased by the partner or granted by the platform admin.
- Can the platform admin grant credits to client organizations?
- Yes. Platform administrators have an iASM Credits panel where they can grant any number of credits to any client organization with a reason note, or apply a discount (bonus credits) as a promotion or service compensation. This is separate from client-purchased credit packs.
- Can I switch plans later?
- Yes. Upgrades take effect immediately and you receive prorated access to new features. Downgrades take effect at the start of your next billing cycle. Switching from an individual plan to a Partner plan requires contacting our team to set up the partner context.
- Is there a free trial?
- Yes — all GRC plans include a 14-day free trial with no credit card required. iASM asset discovery and graph viewing are always free. Enterprise customers and new partners can request a custom demo and extended trial period.
- What is your refund policy?
- We offer a 30-day money-back guarantee for first-time Starter and Professional subscribers. iASM credit packs are non-refundable once credits have been consumed. See our full Refund Policy for partner billing disputes and enterprise terms.
Ready to run your first compliance framework?
Start with GRC at $99/framework/month, or explore your cloud attack surface for free — no upfront commitment required.
Get Started Now