VoidNet/Docyard
Coming soon · v0.9 · private beta

Your posture, living.

Docyard is where your security documentation stops being a PDF — and starts being a workspace. Scanner-connected, OSCAL-native, assessor-ready the moment you need it.

Built by system operators who know what's useful.

Join the waitlist See what's inside
docyard.voidnetsystems.com · ACME-42 · CMMC L2
● PREVIEW
Workspace Readiness 74% Controls 110 Policies 27 Evidence 1.4k Assessments 3 Feeds CrowdStrike Defender Nessus

Readiness · CMMC L2

74%
3.1.1Limit system access to authorized usersAC
3.3.1Audit records of security eventsAU
3.5.1Identify system users & processesIA
3.11.1Periodically assess risk from unauthorized disclosureRA
3.13.11Employ FIPS-validated cryptographySC
3.14.6Monitor organizational systemsSI
Why we built it
Compliance documentation should not be homework you redo before every audit. It should be a living system — the truth about how your environment is run, always one query away from a defensible attestation.
01 / Inside Docyard

Nine modules. One source of truth.

Everything you need to stand up, run, and prove a modern security program — without a folder full of stale Word docs.

Control library

CMMC L1/L2, NIST 800-171, SP 800-53, SOC 2 — cross-mapped. Answer once, satisfy many.
110 · CMMC · 325 · 53 Rev.5

Policy drafting

AI-assisted policies from validated templates. Tone-matched to your org. Versioned, approved, exported.
27 POLICIES · DIFF TRACKING

Evidence ledger

Hash-manifested evidence with timestamps, chain-of-custody, and per-control linkage. Audit-ready exports.
SHA-256 · PDF · OSCAL · ZIP

Scanner feeds

Pull live posture from CrowdStrike, Defender, Nessus, Wiz — reconcile daily, surface drift within the hour.
PLANNED INTEGRATIONS · WEBHOOK-FIRST

POA&M tracker

Plans of action with owners, ETAs, compensating controls. Auto-closes when the evidence lands.
OWNERS · ETAS · AUTO-CLOSE

OSCAL native

Built on OSCAL from day one. Export SSPs, SAPs, and SARs a 3PAO can actually ingest.
NIST OSCAL · JSON · XML

Assessor workspace

Invite a 3PAO or CCA. Read-only role with control-level commentary, no email trails.
RBAC · COMMENT THREADS · AUDIT LOG

Vendor & diligence

Answer SIG, CAIQ, and custom questionnaires from your library — with source-of-truth evidence attached.
SIG · CAIQ · CUSTOM · TRUST CENTER
Deep Dive · 01 · Reconciliation

Scanners find it. Docyard reconciles it.

Each morning, Docyard will pull the last 24 hours of findings from your tools, match them to controls, and update your readiness score before standup.

  • Drift detection per control family — not just CVE counts
  • Auto-open POA&M when a control slips below threshold
  • Auto-close POA&M when evidence reappears for 14 days
  • Slack / Teams / email digests — you pick the cadence
Control grid · 6h ago · 110 controls
Compliant Drift Gap
Deep Dive · 02 · Policy Drafting

From blank page to board-ready in an afternoon.

Pick a template. Answer a handful of questions about your org. Get a policy draft that reads like a human wrote it — because a human reviewed it at every step.

  • 27 templates across access, change, incident, AI, vendor
  • Org voice + tone matching — no robotic filler
  • Redline approval workflow with e-signature
  • Versioned, diffed, and exportable as .docx or .md
Drafting
Acceptable Use Policy · v1.3
1.1  Scope
This policy applies to all Acme-42 personnel, contractors, and authorized third parties with access to company systems, data, or facilities.
1.2  Acceptable use
Users are expected to act in good faith, exercise professional judgment, and use company resources for business purposes consistent with their role
Deep Dive · 03 · Evidence Chain

Evidence with a spine.

Every screenshot, export, and config dump is hashed on ingest and bound to the control it supports. An assessor will see full provenance — not a sharepoint folder full of PNGs.

  • SHA-256 manifest per evidence artifact
  • Source metadata: tool, user, timestamp, system tag
  • Tamper detection on every re-fetch
  • OSCAL export bundles everything for 3PAO ingestion
crowdstrike_endpoints_2026-04-18.json
sha256 · e3b0…bc91 · 12:03:14 VERIFIED
ingested · control 3.14.2 · endpoint monitoring
operator · nick@voidnet · approved MAPPED
oscal_bundle_Q2-2026.zip
sha256 · a5e4…dfe8 · 15 artifacts EXPORTED
OSCAL
native export
JSON & XML
110
CMMC L2 controls
mapped out of the box
1
workspace for every
framework you carry
0
PDFs generated by hand
(that's the point)
02 / Integrations

Plugs into what you already run.

CCrowdStrikeEDR
DDefenderEDR
WWizCSPM
NNessusVuln
QQualysVuln
SSnykAppSec
OOktaIdP
EEntra IDIdP
AAWSCloud
ZAzureCloud
GGoogleCloud
+Webhook APIAny
Private beta · seats limited

Get your posture on the list.

We're onboarding 25 teams through Q3 2026 — VoidNet managed-services customers and a handful of hand-picked design partners. The waitlist is how we pick.

Private beta · first cohort Onboarding through Q3 2026 Free for design partners
We'll email once. If we can help, we'll say so. By joining, you agree to our Terms and Privacy Policy.
Tweaks
Theme
Star density
Motion