Graphletter Logo
    Graphletter
    TryGitHub (opens in new tab)

    Graphletter

    Prove your policies meet the frameworks that matter.

    Upload an evidence document. Graphletter reads it against 1,200+ SCF controls and maps the outcome to 79 frameworks — with AI reasoning quoted back to your source.

    Try with a sample docGitHub → (opens in new tab)

    79 frameworks · 1,200+ controls · 25,000+ cross-framework mappings

    Example output

    Upload a document — a policy, a training record, a vendor assessment. Graphletter maps it to every relevant SCF control and returns structured findings per objective.

    ControlSCF-IAC-15Account Management
    ResultPartial
    RiskMedium
    FrameworksNIST 800-53 AC-2ISO 27001 A.9.2.1SOC 2 CC6.1
    Deficiencies
    • No process for disabling dormant accounts after 90 days
    • Shared/service account inventory not referenced
    Recommendations
    • Add dormant-account deprovisioning policy with 90-day threshold
    • Maintain a service account register with quarterly review
    RemediationEffort: Low·Policy update, no tooling changes

    Built in the open

    Graphletter is MIT-licensed and developed in public. The code, the prompts, the SCF mappings, and the schema migrations all live in the repository.

    • Self-hostable — run it on your own infrastructure if you'd rather keep evidence inside your perimeter.
    • Inspectable — read how the assessments are scored, how citations are parsed, how data flows.
    • Forkable — extend it with your own evidence types or framework mappings.
    View the code on GitHub → (opens in new tab)

    Ready to see a real assessment?

    Pick one of three sample policies and watch Graphletter map it against SCF objectives in under a minute. No signup required.

    Try it nowCreate a free account
    Graphletter · MIT-licensed · © 2026
    FrameworksResearchPrivacyTermsSecurityGitHub (opens in new tab)hello@graphletter.com