Pricing
Public pricing. Seven tiers, sized to actual buyers.
Every paid tier ships with the full scenario library, AI facilitation, and an audit-ready AAR. Numbers below are launch placeholders the founder will refine before GA — every tier link is live today.
Non-profit
Apply/ mission-priced
Mission-priced. Built for non-profits with a cyber-grant or insurance requirement. Apply — no haggling.
- Full scenario library
- AI-facilitated sessions
- HSEEP-conformant AAR
- NIST CSF 2.0 + grant-program crosswalks
- Email support
General SMB
$1,200/ year
Entry tier for small and midsize businesses without a compliance regime — but with a carrier, customer, or board asking for IR readiness.
- Full scenario library
- AI-facilitated sessions
- NIST CSF 2.0 + CIS Controls v8 IG1/IG2 AAR
- Cyber-insurance-renewal cover sheet
- Email support
Municipal / Small Public
$2,450/ year
For counties, cities, school districts, water utilities, and small state offices. Procurement-friendly.
- Full library + public-sector scenarios
- FEMA HSEEP + CISA CTEPs + NIST 800-84 + CJIS AAR
- Cooperative-purchasing eligible
- SSO included
- Priority support
Regulated SMB
$3,625/ year
For SOC 2, HIPAA, PCI, and CMMC-bound SMBs. Annual cadence aligned to your audit calendar. (FI buyers — see Financial Institutions tier.)
- Full library + regulated-SMB scenarios
- SOC 2 / HIPAA / PCI / CMMC AAR templates
- Audit-grade timestamping + signing
- SSO included
- Standard support
Financial Institutions
$6,125/ year
For community banks, credit unions, and FinTechs. FFIEC, NCUA, NYDFS, and GLBA crosswalks in every AAR. Examiner-ready evidence packet.
- Full library + FI-specific scenarios (wire fraud, BEC, ransomware)
- FFIEC IT Handbook + FFIEC CAT + NCUA ACET AAR
- NYDFS 23 NYCRR §500 + GLBA Safeguards crosswalks
- Custom inject creation for your wire-room runbook
- SSO + dedicated CSM
MSP / Partner
From $375/ tenant / year
Multi-tenant + white-label. Deliver tabletops to your customers under your own brand. Volume tiers below 10, 25, and 50 tenants.
- White-label Atlas + AAR
- Per-tenant AARs + access control
- Partner pricing
- Dedicated partner manager
- Co-marketing kit
Enterprise / State
Custom/ enterprise
State agencies, large public systems, multi-region enterprises, and regulated-FI parent companies. Custom procurement, data residency, dedicated tenancy.
- Dedicated tenant + data-residency options
- Custom scenarios + frameworks
- Dedicated CSM
- VPAT / Section 508 on request
- Security-questionnaire concierge
Universal floor
Every paid tier ships with
- AI facilitationAtlas runs the session. No outside facilitator required.
- Full libraryEvery scenario, every framework — no per-scenario gating.
- AAR generationHSEEP-anchored, framework crosswalks, PDF + DOCX.
- WCAG 2.1 AAEvery surface. No exceptions.
How we price against the alternatives
Less than one consultant exercise. More than a static slide deck.
| Alternative | Typical cost | Trade-off |
|---|---|---|
| CISA CTEPs (DIY) | Free | No facilitation, no AI, no AAR template — you write everything. |
| DIY tabletop tools | $2–5K / year | Static scenarios, no live facilitation, partial AAR. |
| Consultant-run exercise | $25–50K per exercise | Excellent quality, but not annual-affordable for most SMB / FI / public-sector buyers. |
| Enterprise SOC platform | $50K+ / year | Built for Fortune 500. Per-seat pricing prices everyone else out. |
| Annual Tabletop | $1.2K–$6.1K / year | AI facilitation, framework AAR, annual cadence — sized to who you are. |
All comparison figures are publicly observable benchmarks. Annual Tabletop figures above the table are launch placeholders pending the v1.1 pricing-model pass.
Non-profit application
Mission-driven orgs shouldn't have to haggle.
Tell us about your mission, your cyber-grant or insurance requirement, and the scenarios you need. We'll reply within three business days with a price we can both live with.
Apply for non-profit tier →FAQ
Frequently asked questions
How does public-sector procurement work?
We support cooperative-purchasing vehicles, state contracts, and direct procurement. GSA schedule status will be listed here at GA. Talk to us with your preferred vehicle and we'll confirm.Annual billing, monthly billing, or both?
Annual at launch — the cadence is in the name. Monthly billing available on the Enterprise / State tier on request.What's the difference between Regulated SMB and Financial Institutions?
Regulated SMB covers SOC 2, HIPAA, PCI DSS, and CMMC. Financial Institutions adds the FFIEC IT Examination Handbook, FFIEC CAT, NCUA ACET, NYDFS 23 NYCRR §500, and GLBA Safeguards crosswalks, plus FI-specific inject libraries (wire fraud, SAR-filing decisions, NYDFS 72-hour clock). Banks, credit unions, and FinTechs want the FI tier.What's the difference between General SMB and Regulated SMB?
General SMB is the entry tier for orgs that aren't compliance-driven but want the AAR for cyber-insurance, customer questionnaires, or board oversight. Regulated SMB adds the audit-grade AAR templates and framework crosswalks (SOC 2 / HIPAA / PCI / CMMC) that auditors specifically ask for.Can I cancel?
Yes. Pro-rated refund on the current year, minus any consumed custom-scenario work.Is white-label included on every tier?
White-label is the headline of the MSP / Partner tier. Other tiers can add it as a per-tenant upgrade — talk to us.Are these prices final?
No. The numbers on this page are launch placeholders the founder will refine before GA. Tier names, framework coverage, and inclusions are stable; the dollar amounts may move ±20%.