Hitt Hosting Security
Your security posture center.
Free — actually free.
Continuous scans across every Hitt Hosting product, severity-ranked findings with built-in fix guidance, AI security briefings, and tamper-evident evidence packs. The posture tooling vendors price for enterprises — free for everyone, framed honestly as self-assessment.
Features
One console that watches your whole account
Continuous posture scanning
Scheduled scans across every product on your account — CRM, Books, HR, Desk, Sign, Field, SE, Hosting — with per-product monitors tuned to each data model.
02Severity-ranked findings
Worst-first rollups per product, severity distribution, and true finding age from a first-seen ledger — a 60-day-old weakness reads as 60 days old, not “seen this scan.”
03Built-in remediation guidance
Every finding ships with a recommended fix — clear, deterministic corrective steps right on the card, auto-filled into your POA&M's corrective-action column. No AI call, no waiting.
04Milestones, owners & due dates
Name an owner, set a fix-by date, and attach dated remediation milestones to any finding. Slipped targets flag Overdue and escalate automatically.
05Time-to-breach countdown
A forward-looking panel projects each open finding against your own SLA windows and shows the days remaining — so you see what's about to breach before it does.
06Compliance coverage & sign-off
Your latest scan mapped to CIS Controls v8, OWASP, and NIST CSF control areas — mark each Reviewed or Accept-risk with a dated note that persists into every export. Self-assessment, not certification.
07AI security briefings, on the record
Claude-powered cross-product analysis — correlations, emerging risks, plain-language recommendations — dated, saved with a previous-analysis view, and threaded into your evidence pack.
08Alerts that respect you
Idempotent critical digests, HMAC-signed webhooks to Slack, PagerDuty, or any endpoint (with retry and a delivery log), quiet hours, and a weekly plain-English posture recap.
09Dark-web & fraud intelligenceRolling out
Breach-corpus, dark-web, and bank-anomaly feeds are rolling out. Until each feed is wired, the dashboard reports it as a not-connected source — never a false all-clear. Live today: breached-password checks against the HIBP corpus (k-anonymity) and MFA-gap detection on every scan.
Audit-Ready Evidence
Evidence you can hand a prime, insurer, or assessor
Most security dashboards stop at a chart. Security turns every scan into artifacts someone else can verify: checksummed evidence packs, an assessor-ready POA&M with milestone completion dates, a branded posture report, and a live public trust page — the evidence tooling competitors gate behind enterprise tiers, free.
Tamper-evident evidence packs
Every JSON export embeds a SHA-256 integrity block and manifest. Any recipient — prime, insurer, assessor — recomputes it with standard tools to prove the pack is intact and unaltered.
POA&M with real milestones
One row per open finding in the canonical NIST/CMMC layout — control reference, owner, status, and the “Milestones with Completion Dates” column your assessor actually expects.
Branded posture report
A one-click, print-to-PDF document composing your score and trend, severity distribution, remediation velocity, compliance coverage, and finding age — integrity checksum in the footer.
Public trust page + badge
Publish a live posture summary at a shareable link and drop an embeddable SVG badge on your own site. Aggregate numbers only — never finding details — and revocable anytime.
Append-only audit trail
Every state change, working note, ownership assignment, and bulk action lands as a dated entry on the finding's timeline — and travels with the CSV and JSON exports.
Remediation velocity
Mean time-to-remediate by severity and your SLA-breach rate, computed from your own finding history with honest sample sizes — prove the process is getting faster.
Everything here is a self-assessment of your own account — a planning and readiness aid for your compliance program, not a certification or audit.
No Catch
Free, and not because you're the product
Security isn't a third party reading your stuff, and it isn't a free tier engineered to make you upgrade. It's your own automated audit, running on your own account, surfacing findings only to you — no per-seat tax like a traditional SIEM, no data-resale like a consumer identity service, and no locked features waiting on the other side. The more of the suite you run, the more ground it covers — and it never costs anything either way.
No card, no tier
Sign in with your Hitt Hosting account and every feature is unlocked. Nothing is metered, nothing waits behind a plan.
Patterns, not contents
Scans look at counts, timestamps, and status changes — never the contents of your conversations, contracts, or customer records.
Nothing sold, nothing trained on
Findings surface only to you. Your data isn't shared with us, sold to anyone, or used to train a model.
Isolated and tamper-evident
Per-account scoping enforced server-side, banking tokens AES-256-GCM encrypted at rest, and an append-only audit log.
How It Works
From first scan to hand-over proof
Sign in with Hosting
Your existing Hosting login works. We read the products you already use, scoped to your account only.
We watch continuously
Scheduled scans sweep your account; product-data, billing, and identity signals land in one Security Center.
You work the short list
Severity-ranked findings with fix guidance, owners, milestones, and a countdown to your own SLA windows.
You hand over proof
Evidence pack, POA&M, branded report, or a live trust page — self-assessed, checksummed, ready when someone asks.
Prove you're secure — without paying to prove it
Sign in with your Hitt Hosting account and see your first cross-product scan in minutes. Free, fully unlocked, nothing to buy.