NIST AI RMF compliance reports · sprk3.com
Compliance Report
NIST AI RMF 1.0
Every scan finding mapped to NIST AI RMF controls. Print-ready PDF you can hand to an auditor.
  • GOVERN — policies, accountability, secrets management
  • MAP — supply chain risk, third-party dependencies
  • MEASURE — vulnerability testing, attack path analysis
  • MANAGE — risk treatment, remediation tracking
  • Posture score — 0–100 security posture across all scans
  • Print to PDF — Cmd+P, hand to auditor
Scan History
Findings Dashboard
Every scan stored server-side. Track findings over time, see what was fixed, what's still open.
  • Per-repo tracking — findings history per target
  • Severity trends — are you getting better or worse?
  • Finding attribution — which NIST control each finding maps to
  • Scan coverage — what's covered and what isn't
  • Attestation — DOI citation to NIST AI RMF 1.0 standard
Scan + Comply — same API key
Sign up once at scan.sprk3.com or here. Run scans with the binary. Come back to Comply with your API key to view your report — no extra setup.
How it works
1Sign up — one account works across Scan, Comply, and Defend.
2Run scans with the binary — ./sprk3_scan /your/repo — findings are stored to your account.
3Open your report at comply.sprk3.com — enter your API key to view findings mapped to NIST controls.
4Print to PDF — Cmd+P → Save as PDF. Hand it to your auditor or security review board.
NIST AI RMF 1.0 — Functions covered
GOVERN
Policies, accountability, and culture for AI risk management. Covers secrets management and organizational policy gaps.
MAP
Identifies and categorizes AI risks in business and technical context. Covers supply chain and third-party model risk.
MEASURE
Analyzes and assesses AI risk using quantitative methods. Covers vulnerability testing and CVSS scoring.
MANAGE
Prioritizes, responds to, and monitors AI risks. Covers remediation tracking and residual risk documentation.
Framework reference: NIST AI Risk Management Framework (AI RMF 1.0), January 2023 — doi.org/10.6028/NIST.AI.100-1
We protect secrets. We don't collect them.
No file contents — we never read your code, data, models, or documents
No credentials — we never see passwords, tokens, API keys, or environment variables
Hashed paths only — file paths are SHA256-hashed before leaving your machine
Free during beta — full access, no credit card, no limits

Get started

Free during beta — no credit card needed. One account for Scan, Comply, and Defend.
Your API key:
Use this key to view your compliance report after running a scan.
Download Scanner
Scan · Defend · office@daridor.info · © 2026 SPR{k3 Security Research