Cyber Resilience Act (Reg (EU) 2024/2847)
IT & cloud security
Threat modelling, product-security law, and live vulnerability context — every finding cited to its source.
Ansvar is a gateway for the AI assistant your team already uses — Claude, Microsoft Copilot, any MCP client. Connect it, and every answer below comes back cited to the provision or marked unresolved.
Security is where Ansvar runs deepest: STRIDE threat models grounded in OWASP, ATT&CK and CAPEC; the Cyber Resilience Act and NIS2 at article level; control mappings across ISO 27001 Annex A, NIST CSF/800-53 and CIS; and live CVE / CISA KEV / EPSS context for effective-risk decisions. Ask the requirement, get the source; then run the threat model or gap analysis that turns it into evidence.
The law and standards we ground on
NIS2 (Dir (EU) 2022/2555)
GDPR Art. 32 — security of processing
Control mapping: OWASP ASVS · NIST CSF/800-53 · ISO 27001 Annex A · CIS · MITRE ATT&CK
requirement mapping + cross-references, not the standard text
MITRE ATT&CK · CAPEC · CWE · D3FEND
threat & weakness catalogs, cited per technique; CAPEC / CWE / D3FEND on paid tiers
CVE · CISA KEV · EPSS — live vulnerability context
for effective-risk rescoring; not a scanner
Workflows that turn it into evidence
STRIDE threat model
over your architecture or data-flow diagram, each threat cited to OWASP / ATT&CK / CAPEC patterns
Effective-risk CVE rescoring
re-rank the findings your scanners already produced with CISA KEV, EPSS and NVD context — reproducible and cited, never exploit code
NIS2 gap analysis & ISO 27001 control mapping
Art. 21 measures mapped to the controls you already run
CRA readiness gap analysis
essential requirements (Annex I) for products with digital elements
Document review, paragraph-cited
security policies, ISO 27001 evidence and vendor questionnaires, each finding anchored to a doc:// segment
Security research as cited answers
free single-jurisdiction search; premium adds CAPEC / CWE / D3FEND and the IETF security RFCs
Workflows run on Team and Company. Free & Premium run the same corpora as cited research inside your own AI client.
Questions buyers ask first
- Is this a vulnerability scanner or a SIEM?
- No. Ansvar grounds decisions — it re-scores the vulnerabilities your scanners already found (CISA KEV, EPSS, NVD), maps controls, and produces cited threat models and gap registers. It never runs exploit code and never watches your network.
- Do you serve the ISO 27001 text?
- The control mapping cross-references ISO 27001 Annex A without reproducing the standard. A licensed ISO 27001/27002 module — the standard text itself, cited rather than paraphrased — is live as an add-on; see /standards.
Run it against your own systems
Connect the AI client you already use and ask your first cited question — Free, Premium and Team are self-serve.
Building security compliance? It works today — we take on a few design partners per sector to fine-tune it to your team.