Capability 01
HSEEP-conformant by default.
Every AAR follows the FEMA HSEEP template. Capability targets, core capabilities, key issues, recommendations — all populated from the session and ready to forward to your state EM coordinator.
For Public sector
FEMA HSEEP-conformant tabletops, run by an AI, priced for a county.
Built for emergency managers, county CIOs, school district CTOs, and small state offices. Every exercise produces an HSEEP After-Action Report and a CISA CTEPs / NIST 800-84 crosswalk.
The problem
You have a state mandate, a mutual-aid expectation, and a budget that doesn't include $35,000 for a consultant.
Your CTEPs deadline is in the calendar. The state CISO wants an AAR on file. FEMA wants HSEEP form completion. Your IT director can run the technical side — but they can't facilitate, time-keep, capture decisions, and write the AAR at the same time. Annual Tabletop is the AI exercise director that does the facilitation work, so your team can focus on actually exercising the plan.
Why Annual Tabletop fits
Built for public sector — not retrofitted from an enterprise SOC tool.
Capability 02
CTEPs and 800-84 crosswalked.
Your AAR carries the CISA CTEPs and NIST SP 800-84 framework crosswalks alongside HSEEP. One exercise, three audit trails. No duplicate documentation work.
Capability 03
Procurement-friendly.
Cooperative-purchasing eligible. SSO included. Annual contract aligned to your fiscal year. The price on the Pricing page is the price you pay — no haggling, no per-seat surprises.
Scenarios for Public
5 scenarios tuned to your environment.
Framework crosswalks: FEMA HSEEP, CISA CTEPs, NIST 800-84, CJIS v6.0
- RansomwareAdvanced
County Election Systems — Ransomware 14 Days Before the General
Your county BoE's ePollbook vendor reports a confirmed ransomware encryption event 14 days before the November general election. Walk the room through containment, COOP activation, and public communication under HSEEP.
- NIST 800-84
- FEMA HSEEP
- CISA CTEPs
- NIST CSF 2.0
- RansomwareAdvanced
Municipal Court Records — Ransomware Under CJIS
Encrypted court records two weeks before a high-profile trial calendar. Walk the response under CJIS v6.0 notification and chain-of-custody requirements.
- CJIS v6.0
- NIST CSF 2.0
- FEMA HSEEP
- Vendor OutageAdvanced
Hospital EHR Outage — HIPAA Contingency Plan Test
Your EHR vendor takes a regional outage during a Friday-night ED surge. Walk the HIPAA §164.308 contingency plan and document the test for your next OCR audit.
- HIPAA §164.308
- NIST CSF 2.0
- NIST 800-84
- RansomwareIntermediate
K-12 District — Student Information System Ransomware
A ransomware event encrypts the SIS one week before report cards. Run the response under FERPA, state DOE notification rules, and parent communication constraints.
- NIST CSF 2.0
- FEMA HSEEP
- CISA CTEPs
- OT / ICS IntrusionAdvanced
Municipal Water — OT Intrusion in the SCADA Network
An anomalous setpoint change is detected in the water-treatment SCADA. Walk the IT/OT coordination, public-health threshold decisions, and EPA notification under the Water Sector annex.
- NIST CSF 2.0
- FEMA HSEEP
- CISA CTEPs
Sample AAR
Sample county-government AAR. HSEEP framework, CTEPs crosswalk, decisions captured against your jurisdiction's actual COOP and ESF #2 plan.
The AAR is the artifact. It's what your state EM coordinator actually reads. Every Annual Tabletop exercise produces one.
After-Action Report
Public sector — Sample Exercise
Conducted via Annual Tabletop · 60 minutes · FEMA HSEEP, CISA CTEPs, NIST 800-84, CJIS v6.0
- Scenario
- Constrained-decision injects tuned to a Public environment.
- Decisions captured
- Three time-boxed decisions, scored against your plan. Each maps to a framework control in the AAR.
- Framework crosswalk
- FEMA HSEEPCISA CTEPsNIST 800-84CJIS v6.0
Pricing
Public-sector pricing, built for actual public-sector procurement.
Municipal / Small Public tier pricing is published. Cooperative-purchasing vehicles and direct procurement both supported. State agency and large public system buyers should look at the Enterprise / State tier.
FAQ
Public sector — questions we get
Is this HSEEP-conformant?
Yes. AARs follow the FEMA HSEEP template — capability targets, core capabilities, key issues, recommendations, and IPP. We map every captured decision back to a HSEEP capability target so your state EM coordinator gets exactly what they expect.Will it satisfy CISA CTEPs?
Yes. Our scenario library uses CISA CTEPs as one of the source taxonomies, and every AAR carries the CTEPs crosswalk so you can demonstrate alignment to CISA-supplied scenario packages.Does it work for CJIS audits?
Yes. CJIS Security Policy v6.0 §5.3 (incident response) is one of the framework crosswalks we generate. Run the IR scenario, get an AAR with §5.3 evidence, hand it to your CJIS auditor.How does cooperative purchasing work?
We support major cooperative-purchasing vehicles and state contracts. Talk to us with your preferred vehicle and we'll confirm. GSA schedule status is published on the Pricing FAQ.Can my IT director run this without a consultant?
That's the entire point. Atlas, our AI exercise director, runs the session — facilitates injects, time-keeps, captures decisions. Your IT director and EM coordinator participate as participants, not as facilitators.