Legacy compliance platforms cause FIPS 140-3 hardware rate-limit exhaustion under multi-framework load. Our patent-pending O(1) compression technology reduces N×M signing operations to exactly one—securing your defence supply chain without server paralysis.
See how any third party can independently verify a compliance artifact without login, without trust, and without network access to our platform.
Simulates ACRT verification of a CPCSC compliance artifact
Zero Trust. No Login Required. Mathematics is the only auditor.
From sign-up to cryptographic evidence exports — everything you need to know about the CPCSC Readiness Platform.
3:16 · Covers sign-up, evidence upload, verification, CPCSC assessment, exports & plan tiers
Your CPCSC assessment is in 90 days.
The assessor needs evidence mapped to ITSP.10.171 controls. Your team is still collecting spreadsheets and screenshots from three departments.
With Solymus, you export a complete evidence package with per-artifact verification links—mapped to CPCSC controls.
DND asks for proof of Level 1 readiness.
Your contract renewal depends on demonstrating basic cyber hygiene. You need to show which controls are met and which have gaps—with evidence, not promises.
With Solymus, your readiness dashboard shows coverage by control family, and every artifact has a cryptographic receipt.
A prime contractor audits your compliance posture.
They need to verify your evidence is authentic and hasn't been modified since submission. Trust isn't enough—they need proof.
With Solymus, every piece of evidence is tamper-evident. Assessors verify independently, no login required.
Your compliance team shouldn't spend weeks assembling binders. Solymus replaces fragile paper trails with signed, verifiable evidence your CPCSC assessors can check themselves.
Solymus is a CPCSC Readiness Platform built on cryptographic receipts. Organize evidence, track gaps, prove integrity, and be assessment-ready.
Upload policies, configurations, audit logs, and screenshots. Solymus maps each artifact to CPCSC controls based on ITSP.10.171, organized by control family.
Evidence mapped to controls automatically.
Real-time dashboard shows which controls are met, which have gaps, and what remediation is needed. Filter by control family to prioritize your work.
Gaps identified, remediation tracked.
Every artifact gets a SHA-256 hash signed with AWS KMS (ECDSA P-256). Records link into a daily Merkle chain. Tamper-evident by design—retroactive changes break the chain.
Cryptographic proof, not screenshots.
Export evidence packages with a verification URL for every artifact. Assessors verify independently—no login, no trust in Solymus required.
Assessors click, verify, done.
From evidence upload to assessment-ready export. Here's the step-by-step workflow for Canadian defence suppliers.
Sign up and create a workspace. Choose your CPCSC level (Level 1 or Level 2).
Upload policies, configurations, audit logs, and scan reports. Drag-drop or use the API.
Artifacts auto-map to ITSP.10.171 controls. Override with manual tags for exact mapping.
SHA-256 hash signed with AWS KMS (ECDSA P-256). Keys never leave the HSM. Evidence linked to daily Merkle chain.
Evidence index grouped by CPCSC control, with a verification URL for every artifact. Assessors verify from the export—no login required.
Built for defence suppliers, subcontractors, compliance consultants, and MSPs preparing for CPCSC assessment.
Every artifact gets a KMS-signed receipt with SHA-256 hash. Evidence integrity is mathematical, not organizational.
Public verification API lets CPCSC assessors, primes, and auditors check any receipt themselves. No login required—verification is cryptographic, not trust-based.
Daily Merkle chain linking means retroactive changes break the chain. Gaps and modifications are automatically detectable.
Evidence packages include the receipt, signature, Merkle proof, daily root, and public key needed for offline verification. Bundles remain verifiable independently.
Primary focus on CPCSC and ITSP.10.171. CMMC support is on our roadmap for Canadian suppliers with cross-border U.S. defence contracts.
Whether you're a defence supplier, subcontractor, compliance consultant, or MSP—Solymus organizes evidence the way assessors expect to see it.
Your assessors, primes, and auditors can check any receipt independently. No login required.
SHA-256 hash + AWS KMS ECDSA P-256. Keys never leave HSM.
Third parties verify receipts via export links. Evidence bundles work offline.
Evidence packages grouped by control, with verification URLs.
Aligned to your CPCSC certification level. Level 1 is free for a limited time. All prices in CAD.
An event is a single evidence record (one artifact upload or API ingest call). Level 1 retention is 365 days during 2026 (reverts to 7 days after promo). Early bird requires annual contract signed before December 31, 2026—billing may be deferred to January 2027. All prices in Canadian dollars (CAD). Early bird customers keep their rate for the contract term.
CPCSC (Canadian Program for Cyber Security Certification) is Canada's mandatory cybersecurity certification for Department of National Defence (DND) suppliers, taking effect April 2026. It is based on ITSP.10.171, Canada's adaptation of NIST SP 800-171 Rev 3. Solymus helps you organize evidence and prove readiness before your assessment.
No. Solymus is a CPCSC-focused readiness platform that helps you organize, track, and export assessment-ready evidence. Certification is determined by your CPCSC assessor. We give you the evidence trail; you own the compliance outcome.
Yes. Export packages include the receipt, cryptographic signature, Merkle proof, daily root, and verification instructions. Your assessor verifies mathematically without calling any Solymus API. Bundles work offline.
CMMC support is on our roadmap for Canadian suppliers with cross-border U.S. defence contracts. Our primary focus is CPCSC and ITSP.10.171. Since CPCSC and CMMC share roots in NIST 800-171, evidence organized for CPCSC will also support future CMMC readiness.
Today you upload evidence manually, via API, or via the Python SDK. Connectors are in development:
We'll announce connectors when they're production-ready.
Export bundles are self-contained. They include everything needed to verify the cryptographic signatures offline. No Solymus API, account, or infrastructure required.
April 2027 is when Level 2 becomes mandatory and standard pricing kicks in—C$10,000/mo. Companies already on Solymus with 12 months of evidence history will sail through their assessment. Companies starting fresh won't.
Solymus provides tamper-evident evidence infrastructure that supports your CPCSC readiness program. Certification outcomes depend on your assessor's evaluation. See our Terms of Service for details.