Skip to main content

Welcome to Infracast

Generally Available

Infracast is generally available (GA). All features documented here are production-ready and fully supported.

Infracast is an infrastructure security and compliance platform that discovers, maps, and continuously audits your entire technology estate โ€” from cloud resources to on-prem devices to SaaS applications.

What Infracast Doesโ€‹

๐Ÿ” Discover

Automatically discover infrastructure across AWS, Azure, GCP, Microsoft 365, VMware, Cisco, Palo Alto, and 20+ other platforms โ€” agent-based or agentless.

๐Ÿ›ก๏ธ Secure

Find attack paths, IAM risks, misconfigurations, and vulnerabilities. Map findings to MITRE ATT&CK techniques for threat-informed defense.

โœ… Comply

Continuous auditing against 1,637+ rules (all hot-reloadable YAML) across NIST 800-53, NIST 800-171 r2, DFARS 252.204-7012, FAR 52.204-21/23/25/27, CMMC 1โ€“3, FedRAMP, PCI DSS 4.0, SOC 2 Type II, ISO 27001, HIPAA, CIS Benchmarks, DISA STIGs, NIST CSF 2.0, and 11 international frameworks across 42 packs. Every finding includes actionable fix steps for Terraform, AWS Console, CLI, and manual remediation across 10 domains.

Key Featuresโ€‹

Securityโ€‹

Infrastructureโ€‹

  • Agentless Discovery โ€” AWS, Azure, GCP, M365, on-prem
  • On-Prem Relay โ€” Full on-premises scanning (VMware vSphere, SSH, SNMP, WinRM) through an outbound-only relay; no VPN or inbound firewall rules required; agent-through-relay proxy for zero-inbound agents
  • Microsoft 365 โ€” Entra ID, Exchange, SharePoint, Teams
  • Applications โ€” Group resources by business service; auto-discovery from tags, K8s labels, and traffic patterns
  • SBOM Generation โ€” Software inventory for EO 14028 at host, application, and business service scope
  • Configuration Drift โ€” Detect drift from intended state
  • Large-Scale Topology โ€” 50K+ node environments with Barnes-Hut layout, canvas renderer, and publication-quality PNG/draw.io export

ATO & Compliance Automationโ€‹

Securityโ€‹

  • DNS Security & Discovery โ€” Route53/Azure DNS/GCP Cloud DNS zone discovery, 10 DNS security rules, subdomain takeover detection
  • MFA Enforcement โ€” TOTP-based MFA with backup codes, admin enforcement, two-step login

Platformโ€‹

  • AWS Marketplace โ€” Available for procurement alongside direct Stripe billing
  • UI Consolidation โ€” Streamlined navigation with tabbed compliance center, consolidated settings

Quick Startโ€‹

Choose your deployment model:

PathTimeBest For
SaaS Quickstart5 minTeams wanting managed infrastructure
Docker Quickstart10 minLocal evaluation or development
Terraform Deployment30 minProduction AWS/Azure deployment

Core Conceptsโ€‹

Nodesโ€‹

Everything Infracast discovers becomes a node โ€” EC2 instances, VPCs, firewalls, switches, AD users, M365 users, S3 buckets, and more. Each node has a type (e.g., aws.ec2.instance, m365.user), properties, and tags.

Edgesโ€‹

Edges represent relationships between nodes: network connectivity, containment (VPC contains subnet), security group attachments, IAM policies, group membership, and more.

Findingsโ€‹

Findings are compliance violations or security issues detected by Infracast's audit engine. Each finding references a specific control from a compliance framework and includes remediation guidance.

Discoveryโ€‹

Discovery connects to your infrastructure sources (cloud accounts, M365 tenants, network devices, etc.) and populates the graph with nodes and edges. Run discovery on-demand or on a schedule.

Compliance Frameworksโ€‹

Built-in support for:

FrameworkCoverageDescription
NIST 800-53 (Low/Moderate/High)130+ rulesFederal security controls โ€” full baseline support
NIST 800-171 r2114 rulesCUI protection for DoD contractors โ€” all 110 requirements across 14 families
DFARS 252.204-701222 rulesSafeguarding Covered Defense Information and cyber incident reporting (72-hour DoD notification)
FAR (52.204-21/23/25/27, 52.239-1)30 rulesFederal Acquisition Regulation baseline safeguarding โ€” applies to ALL federal contractors handling FCI
FedRAMP (Low/Moderate/High/LI-SaaS)80+ rulesCloud service authorization at all impact levels
CMMC Level 1โ€“370 rulesDoD Cybersecurity Maturity Model Certification
CIS Benchmarks (AWS, Azure, GCP, Kubernetes)265+ rulesCenter for Internet Security hardening guides
HIPAA35 rulesHealthcare data protection & privacy
PCI DSS 4.060 rulesPayment card industry security standard
SOC 2 Type II40 rulesAICPA Trust Services Criteria
ISO 2700145 rulesInternational information security management
GDPR30 rulesEU general data protection regulation
NIS228 rulesEU network & information systems directive
DORA25 rulesEU digital operational resilience act
UK Cyber Essentials20 rulesUK government baseline cyber security
IRAP (Australia)22 rulesInformation Security Registered Assessors Program
CSA CCM30 rulesCloud Security Alliance Cloud Controls Matrix
LGPD (Brazil)18 rulesBrazilian general data protection law
PIPEDA (Canada)16 rulesCanadian personal information protection
SOX IT Controls24 rulesSarbanes-Oxley IT general controls
NERC CIP35 rulesCritical infrastructure protection (energy sector)
NIST CSF 2.040 rulesCybersecurity framework โ€” identify, protect, detect, respond, recover, govern
DISA STIG380+ rulesSecurity Technical Implementation Guides
DNS Security10 rulesDNS zone discovery & subdomain takeover detection
Total1,270+ rulesAll hot-reloadable YAML across 36 packs ยท 23 frameworks incl. 11 international

Need Help?โ€‹