Prove your policies meet the frameworks that matter.

Upload an evidence document. Graphletter reads it against 1,200+ SCF controls and maps the outcome to 79 frameworks — with AI reasoning quoted back to your source.

Try with a sample doc GitHub →

79 frameworks · 1,200+ controls · 25,000+ cross-framework mappings

Example output

Upload a document — a policy, a training record, a vendor assessment. Graphletter maps it to every relevant SCF control and returns structured findings per objective.

Control	SCF-IAC-15Account Management
Result	Partial
Risk	Medium
Frameworks	NIST 800-53 AC-2ISO 27001 A.9.2.1SOC 2 CC6.1
Deficiencies	No process for disabling dormant accounts after 90 days Shared/service account inventory not referenced
Recommendations	Add dormant-account deprovisioning policy with 90-day threshold Maintain a service account register with quarterly review
Remediation	Effort: Low·Policy update, no tooling changes

Built in the open

Graphletter is MIT-licensed and developed in public. The code, the prompts, the SCF mappings, and the schema migrations all live in the repository.

Self-hostable — run it on your own infrastructure if you'd rather keep evidence inside your perimeter.
Inspectable — read how the assessments are scored, how citations are parsed, how data flows.
Forkable — extend it with your own evidence types or framework mappings.

View the code on GitHub →

Ready to see a real assessment?

Pick one of three sample policies and watch Graphletter map it against SCF objectives in under a minute. No signup required.

Try it now Create a free account

Graphletter