PumaGRC2 — Demo

Live demo — your changes won't be saved. Import and export are disabled.

PumaGRC2 — help

What PumaGRC2 does

A zero-dependency, offline-first multi-framework compliance self-assessment. One HTML file. No server. No accounts. Rate your organization's maturity across cybersecurity, privacy, federal-defense, AI-governance, and incident-response standards; track progress over time; export evidence for auditors.

16 frameworks across 6 groups — Cybersecurity (NIST CSF 2.0, ISO 27001:2022, SOC 2 TSC); Federal/Defense (NIST SP 800-53 r5, NIST SP 800-171 r3, CMMC 2.0); Industry Compliance (HIPAA, PCI DSS 4.0.1); Privacy (GDPR, NIST Privacy Framework 1.0); AI Governance (ISO/IEC 42001); Incident Response (NIST SP 800-61 r3, ISO 27035, SANS PICERL, CIS Control 17, CISA Federal IR Playbook). 1,531 subcontrols total — enable any combination per workspace.
Maturity scoring (0–5) per control with priority, evidence/proof field, remediation plan, compensating-control flag, and timestamped activity log.
Six views — Dashboard (KPIs + charts), Category assessment, Gap Analysis, Heatmap, Cross-framework mapping, History snapshots. Clicking a cell or row anywhere deep-links to the specific control with its drawer already open.
Click-to-edit pills — maturity + priority chips on every row and card open an inline picker. No drawer expansion needed to change a score.
Cross-Map "Maturity view" — toggle every pill in the cross-map table to its control's actual maturity color. The whole row reads as a posture heatmap while keeping every mapping clickable. The same maturity coloring rides through the per-control panels (open any subcontrol: "Maps to NIST CSF" or "Maps to other frameworks" chips show their target's scored maturity, so you can see at a glance whether you've already answered the equivalent control in another framework).
Maturity color gradient — gear menu toggle between two orderings: Cool peak (default: red · orange · yellow · blue · green) and Natural (red · orange · yellow · green · blue). Lets each consultant pick the gradient that matches how their eye reads a heatmap.
Universal pumapack interop — export a .pumapack here, open it in PumaRisk (risk-worthy findings → risk register), PumaKeeper (task-worthy findings → workspace), PumaBoard, or any sibling app. Each consumer applies its own filter; foreign apps surface a friendly toast pointing you at where to open the file.
Workspaces — multiple parallel assessments (one per business unit, audit cycle, customer). Each remembers its enabled frameworks, scoring, and history independently.
Exports — .pumapack (full backup, universal interop); CSV (controls + scores, spreadsheet round-trip); JSON (raw); RTF executive summary; Full report Markdown + RTF (every control with evidence, plans, cross-map references); cross-map matrix CSV; Print / Save as PDF.
Light + dark themes, theme-toggle in the topbar. Right-click the theme button for the accent picker.

See the Keyboard tab for shortcuts.

Where your assessments live

Every assessment, score, evidence note, history snapshot, and risk-register entry is held in this browser's sessionStorage under the pumagrc2.* key prefix. Nothing is sent over the network. Closing the tab keeps your data; opening the file in a different browser, profile, or device shows an empty register.

Heads up. Clearing site data, using private/incognito mode, or losing the device erases everything. The browser is the database — back up regularly.

Backing up

Use the Export button (cloud icon, topbar) for a full .pumapack backup — every workspace, every score, every history snapshot. Open the same pack in any sibling PumaWorx app for cross-app interop. From the gear menu you can also export:

Full report (Markdown) — every control with its evidence, remediation plan, notes, activity log, and cross-mapping references. Pipe through pandoc for PDF/DOCX, drop in a repo for auditor handoff.
Full report (RTF) — same content, Word-compatible.
CSV — flat controls + scores; round-trips through spreadsheet workflows.
JSON (raw) — the active assessment payload, no envelope.
RTF executive summary — board-friendly highlights only.
Cross-map matrix CSV — full NIST CSF × 15-framework table with confidence inline.
Print / Save as PDF — browser print dialog with the print stylesheet.

Clear all local data

This deletes every assessment, score, history snapshot, and preference under pumagrc2.* in this browser. It does not touch any .pumapack file you've exported.

Type DELETE EVERYTHING to confirm.

Keyboard shortcuts

?

Open this help modal

Esc

Close overlay / cancel selection

⌘K / Ctrl-K

Command palette

⌘S / Ctrl-S

Export current workspace as .pumapack

⌘O / Ctrl-O

Import a .pumapack file

⌘N / Ctrl-N

New assessment workspace

/

Focus search

J / K

Next / previous control

0–5

Set maturity on focused control

Enter

Open / activate focused item

About PumaGRC2

PumaGRC2 fills the "I need a real maturity assessment but every GRC platform wants a quote, a sales call, and my SOC 2 attestation in escrow"-shaped hole. It's a serious framework tool — sixteen complete control catalogs, gap analysis, cross-mapping, history snapshots — that opens in your browser like a PDF and never phones home.

About PumaWorx

PumaWorx is a suite of offline, single-HTML productivity apps that run entirely in your local browser. The entire suite is a personal, open source vibecoding project.

PumaGRC2 · v0.1-dev · MIT

Built by greykit.com

Configure frameworks

Choose which frameworks appear in the sidebar and cross-map. Assessment data is preserved when a framework is hidden.

Start an assessment

Name your workspace and pick the frameworks you want to score. You can add or remove frameworks later via the gear menu.

Workspace name Frameworks

⌕ ↑↓ ↵ esc

Save snapshot

Capture the current assessment state for trend tracking.

This is not a web app

This is an offline single-HTML app. No data goes to or from the internet. There is no server, no account, no sync, and no telemetry.

Your assessments live in your web browser's sessionStorage — on this device, in this browser, and nowhere else.

Your data is YOUR responsibility.

If you clear site data, use a private/incognito window, switch browsers, or lose this device, your assessments are gone. Back up regularly via the Export button in the topbar — produces .pumapack, CSV, or RTF.

Press ? any time for help and keyboard shortcuts.