15 Questions • 7 Security Domains incl. AI Workload • ~4 Minutes

Cloud Security & AI Readiness

Score your cloud security posture across IAM, network, data, monitoring, compliance (SOC 2, ISO 27001, NIST CSF, HIPAA, PCI DSS) and vulnerability management — plus AI workload security and EU AI Act readiness (78 days to enforcement). Detailed score, per-domain breakdown, industry benchmarks, and a personalized remediation roadmap.

Live scoring, calibrated against 17 frameworks • 413 controls

Identity & Access

Authentication, authorization, and privilege management

Q1. Is Multi-Factor Authentication (MFA) enforced for all users?

💡 MFA is the single most effective control against credential theft. NIST 800-63 and SOC 2 require it.

Q2. Do you follow the principle of least privilege across cloud accounts?

💡 Over-permissioned accounts are the #1 cause of cloud breaches. CIS Benchmark requires per-role scoping.


How the Cloud Security & AI Readiness Assessment Works

AI Workload Security

EU AI Act Annex III inventory, AI-specific framework scoring (NIST AI-RMF, ISO 42001, MITRE ATLAS, OWASP LLM Top 10), and ML serving-stack runtime visibility (KServe, Kubeflow, Ray, Seldon). EU AI Act enforcement begins Aug 2, 2026, with penalties up to €35M or 7% of global revenue.

Identity & Access

MFA enforcement, least privilege policies, and automated access reviews. Maps to SOC 2 CC6.1, NIST AC-2, ISO 27001 A.5.15.

Network Security

Network segmentation (micro-segmentation, VPC), TLS 1.3 enforcement, and traffic encryption. Maps to PCI DSS Req 1, NIST SC-7.

Data Protection

HSM-backed key management, data classification, and DLP policies. Maps to GDPR Art. 32, HIPAA §164.312, SOC 2 CC6.7.

Monitoring & Detection

Centralized SIEM with a <15 min alert SLA and tested incident response plans. Maps to SOC 2 CC7.2, NIST IR-4, ISO 27035.

Compliance & Governance

Framework certifications (SOC 2, ISO 27001, HIPAA, EU AI Act), automated evidence collection, policy-as-code. Maps to all major frameworks.

Vulnerability Management

Continuous scanning with CI/CD integration and patch SLAs (Critical <24 h, High <7 d). Maps to PCI DSS Req 6, NIST RA-5, CIS V7.

Industry Benchmarks

Your score is compared against industry averages: Government (75%), Fintech (72%), SaaS (68%), Healthcare (65%), and E-commerce (58%). Scores of 80%+ indicate excellent security posture; below 40% requires immediate remediation.

Remediation Roadmap

Based on your answers, the calculator generates a prioritized remediation roadmap. Each recommendation includes impact level (Critical/High/Medium), effort estimate, a detailed implementation description, and the specific compliance frameworks it addresses (SOC 2, ISO 27001, NIST 800-53, PCI DSS, HIPAA, GDPR, CIS Benchmarks, FedRAMP).