A Compliance Expert at EVERY DESK.
You Decide. FORCE Drafts.
Ask FORCE is the agentic AI assistant inside the FORCE platform. It answers your team's compliance questions, drafts your SSP narratives and POA&Ms, and proposes assessment findings — all grounded in the evidence FORCE has already collected for your tenant. Every state-changing action waits for a human click.
Five Things Ask FORCE Does Every Day.
Answer compliance questions
Read-only Q&A grounded in your tenant's evidence. 'What's our coverage on AC.L2-3.1.5?' returns the actual evidence count, evidence types, and cited rows from your data — not a hallucinated answer from training data. Autonomous; no confirmation needed.
Draft SSP narratives
Generate a starting-point narrative for any control from your collected evidence. Cites specific evidence IDs. You edit before attaching to a finding. Drafts are reviewable, never auto-attached.
Propose assessment findings
For each control, the AI reviews collected evidence and proposes MET / NOT_MET / NOT_APPLICABLE with justification. Pre-fills the finding form. You confirm or override before saving.
Draft POA&M items + closeout plans
When a control falls out of compliance, the AI drafts the POA&M with milestones, target dates, and remediation steps based on the gap detected. You approve, edit, or reject. Auto-creation always passes through human confirmation.
Run mock CAP interviews
The AI plays a DIBCAC assessor. Probes each control role-by-role. Surfaces gaps and confidence scores before your real engagement. No commitment to act on its findings — review and dismiss freely.
YOU Sign. The AI Drafts.
Every action that changes your compliance posture — marking a control satisfied, creating a POA&M, signing the senior-official affirmation, submitting to SPRS or DIBNet — routes through a two-step confirmation pattern. The AI never commits state changes alone.
AI proposes
The AI assembles the action with all required fields filled in: control id, evidence citations, justification, timestamps. You see exactly what would happen.
You confirm
A confirmation modal appears with the full action description. You click Confirm or Cancel. No action commits without this click.
Ledger writes
On confirmation, the action commits to your tenant database AND writes to your tamper-evident attestation ledger (S3 Object Lock, 7-year retention). The audit trail records who confirmed, when, and what was attested.
Why this matters for CMMC L2
CMMC L2 attestations are signed by a designated senior official under penalty of False Claims Act exposure. An AI cannot legally sign that attestation; only a human can. The action-gate pattern keeps the AI as a drafter and the human as the signer — the legal posture matches the technical architecture.
Three Guardrails. None Optional.
Tenant-scoped at the IAM layer
Cross-tenant access is prevented by AWS IAM conditions (sts:ExternalId, principal-tag scoping), not just application code. Belt-and-suspenders enforcement. The AI cannot read another tenant's evidence even if a code path tried to.
Grounded in YOUR evidence
Every answer cites specific evidence items, control IDs, and policy documents from your tenant. No invented IDs, no hallucinated policy names. If the AI doesn't know the answer from your evidence, it says so.
Audit-ready by default
Every tool invocation, draft, and confirmation flows to your tamper-evident attestation ledger with 7-year retention. The ledger is S3 Object Lock compliance mode — cryptographically demonstrable to assessors and FCA defense.
Models, Costs, Boundaries.
| Component | What we use |
|---|---|
| Foundation model (reasoning) | Anthropic Claude Opus 4.7 via AWS Bedrock |
| Foundation model (intent classification) | Anthropic Claude Haiku 4.5 via AWS Bedrock |
| Embeddings | Amazon Titan Embed Text v2 |
| Region (commercial L1) | us-east-1, FedRAMP Moderate boundary |
| Region (CUI L2) | GovCloud us-gov-west-1, when Bedrock GovCloud activation completes |
| Per-tenant cost (typical L2) | ~$22/month at typical usage; budget cap at 200% of allocation |
| Rate limits | Per-tenant token quotas per tier; hard stop at 200% of allocation |
| Streaming | First token p95 under 2s; full response under 8s |
Anthropic does not train on your prompts (Bedrock terms). FORCE does not train on your prompts either. Customer Data is never used to fine-tune our models.
See Ask FORCE on Your OWN TENANT.
The AI is L2 standard. Subscribe in five minutes. Charter pricing $599/mo for the first 50 customers.