
Annual Tabletop by Thagentix

The AI cybersecurity tabletop your auditor, examiner, or carrier already trusts.

Atlas, our AI exercise director, runs a 60-minute session on your environment. You walk out with an HSEEP-conformant After-Action Report mapped to NIST, FFIEC, HIPAA, PCI, CJIS, and CMMC — ready to forward to whoever's asking.

Built for the frameworks our buyers are graded on

  • NIST CSF 2.0
  • NIST 800-84
  • FEMA HSEEP
  • CISA CTEPs
  • CJIS v6.0
  • HIPAA §164.308
  • FFIEC
  • PCI 12.10
  • CMMC IR.L2

Six buyers. One platform.

Pick the page that matches your world.

Atlas is the same engine for everyone. The scenario library, framework crosswalks, AAR samples, and procurement language are tuned to each segment so the page reads like you wrote it.

  • Public

    I'm a county / city / state agency

    FEMA HSEEP, CISA CTEPs, NIST 800-84, CJIS v6.0

    See the Public page
  • Financial

    I'm at a bank, credit union, or FinTech

    FFIEC IT Handbook, FFIEC CAT, NCUA ACET, NYDFS 23 NYCRR §500, GLBA Safeguards

    See the Financial page
  • Regulated

    I run security for a SOC 2 / HIPAA / PCI / CMMC org

    SOC 2 CC7.4/CC7.5, HIPAA §164.308, PCI 12.10, CMMC IR.L2-3.6.3

    See the Regulated page
  • MSP

    I'm an MSP or IR consultant

    White-label, multi-tenant, partner pricing

    See the MSP page
  • SMB

    My carrier, customer, or board is asking me about IR readiness

    NIST CSF 2.0 subset, CIS Controls v8 IG1/IG2, cyber-insurance evidence

    See the SMB page
  • Non-profit

    I run cybersecurity for a non-profit

    Non-profit cyber-grant frameworks, mission-priced tier

    See the Non-profit page

How it works

Three steps from sign-up to a finished AAR.

  1. Pick a scenario

    Filter the library by framework, threat type, segment, or complexity. Pick one your auditor will recognize.

  2. Atlas runs the session

    Our AI exercise director presents injects, captures decisions, and adapts within framework-aligned bounds. In-person or async.

  3. Get an audit-ready AAR

    An HSEEP-conformant After-Action Report — decisions captured, evidence linked, framework crosswalks built in. PDF + DOCX.

90-second demo

No sign-up. No sales call. A sample AAR in your inbox.

Pick the scenario closest to your world — county ransomware, bank wire fraud, hospital EHR outage, SMB BEC — and Atlas will walk you through three constrained decisions in about ninety seconds. At the end, download the AAR. It's the same artifact a real exercise produces.

Why Annual Tabletop

Built where the incumbents aren't.

Enterprise SOC platforms run the Fortune 500. CISA CTEPs are a PDF. Consultants bill $25-50K for a half-day. Everyone else — counties, banks, clinics, manufacturers, MSPs, non-profits — has been stuck between a free template and a six-figure engagement. We built for the middle.

Capability 01

Framework-aligned by default

Every scenario maps to NIST CSF 2.0, NIST 800-84, FEMA HSEEP, CISA CTEPs, CJIS v6.0, HIPAA §164.308, FFIEC, PCI 12.10, and CMMC IR.L2-3.6.3. Your AAR is graded on the same axes as your audit.

See frameworks

Capability 02

AAR your auditor already trusts

HSEEP-conformant. Every decision time-stamped, scored, and mapped to a framework control. PDF and DOCX, ready to forward to your FFIEC examiner, SOC 2 auditor, state EM coordinator, cyber carrier, or board.

Download a sample

Capability 03

Priced for the buyer, not the brand

Seven tiers, published pricing, no haggling. A non-profit tier, a sub-$5K SMB tier, and a partner tier for MSPs who run this for their whole book. No per-seat taxes. No $50K enterprise floor.

See pricing

Audit-ready AAR

The artifact your auditor actually wants.

Every Annual Tabletop session ends with an HSEEP-conformant After-Action Report. Decisions captured. Framework crosswalks built in. Recommended next steps generated by Atlas. PDF + DOCX, ready to forward to your QSA, your underwriter, or your state auditor.

After-Action Report

County Election Systems — Ransomware Inject

Conducted via Annual Tabletop · 60 minutes · 7 participants · NIST 800-84 + FEMA HSEEP

Scenario summary

At 06:14, the BoE's ePollbook vendor reports a confirmed ransomware encryption event 14 days before the November general election.

Decisions captured

Initiated COOP per ESF #2 within 22 minutes.

Notified CISA and state CISO; held off public statement pending verification.

Activated paper-pollbook contingency for 14 precincts.

Framework crosswalk

NIST CSF 2.0 RC.RP-1 · NIST 800-84 §3.4.3 · HSEEP Capability Target #4 · CISA Election Security Toolkit §2

This is a sample AAR generated by Annual Tabletop. A real AAR includes deeper sections (participants, observations, evaluator notes, IPP). Try a full exercise at annualtabletop.com.

Design partners

Design partners are running real exercises across county government, community banks and credit unions, regional healthcare, manufacturing, and MSP firms. Logos appear here as design-partner agreements clear legal review — we don't list anyone we can't name.

From the founder

We built Annual Tabletop to make the required activity the most useful hour of the year — not a checkbox you dread.

Annual Tabletop comes out of ThagentixCyber, our cybersecurity advisory practice. We've facilitated tabletops for counties, hospitals, financial services, and MSPs — and watched the same gap every time: the framework demands an annual exercise, but the tools are built for SOC analysts, not for the people actually being audited.

Read more on the About page →

FAQ

Frequently asked questions

  • How much does it cost?

    All seven tiers are published on /pricing. Non-profits start at an apply-only mission tier. General SMB runs a flat $1,200/yr. Regulated SMB and Financial Institutions sit between $3.6K and $6.1K. Public sector and enterprise are quoted from a published anchor. No gating, no haggling.

  • I’m a bank / credit union / FinTech. Which page is mine?

    /for/financial-institutions. The scenario library, AAR samples, and crosswalks are tuned to FFIEC IT Handbook, FFIEC CAT, NCUA ACET, NYDFS 23 NYCRR §500, and the GLBA Safeguards Rule. Pricing is its own tier.

  • What’s the difference between Regulated SMB and General SMB?

    Regulated SMB is for orgs whose annual exercise is mandated by SOC 2, HIPAA, PCI, or CMMC. General SMB is for orgs whose cyber carrier, customer, or board is asking — no formal regulatory mandate. Same Atlas, different framework language and different price.

  • How long does a session take?

    Most exercises run 45–75 minutes. The home-page demo is a 90-second guided sequence so you can see the artifact before you buy.

  • Which frameworks do you support?

    NIST CSF 2.0, NIST 800-84, FEMA HSEEP, CISA CTEPs, CJIS v6.0, HIPAA §164.308, FFIEC IT Handbook, PCI DSS 12.10, and CMMC IR.L2-3.6.3 at launch. FFIEC CAT, NCUA ACET, NYDFS 23 NYCRR §500, and GLBA Safeguards crosswalks are bundled into the Financial Institutions tier.

  • How do you handle our data?

    Encrypted in transit and at rest. U.S.-only hosting available. Decisions and AAR content stay in your tenant. See /security for hosting region, retention, DPA, and access control details.

  • Who facilitates the session — you or us?

    Atlas, our AI exercise director, runs the session. Your team participates as the players. For MSPs, white-label mode strips Annual Tabletop branding so the partner delivers the experience under their own name. No human consultant needed in the room.

  • Is white-label available?

    Yes — on the MSP / Partner tier. Per-tenant AARs, per-tenant access control, customer-deliverable in 48 hours. Full white-label kit details on /for/msp.

Make the required hour the most useful one of your year.

Try the 90-second demo, or talk to us about your next exercise.