Pittsburgh, PAVeteran owned and operated
Built for Business Owners

Federally Secure Your Business With CMMC Level 1.Unlock Billions in Year Round Federal Contracts.

bidfedcmmc.com
Custodia platform — AC.L1-3.1.2 Transaction & Function Control walkthrough with the bid-ready journey on the left and the virtual compliance officer chat on the right

Custodia walks you through CMMC Level 1 in plain English, hands you a bid-ready package no prime can pick apart, and keeps your compliance posture watched year-round — vCO support, evidence freshness alerts, and continuous monitoring through your Microsoft 365 or Google Workspace tenant. 7-day free trial. No credit card required.

7-day free trial · No credit card required · $249/mo or $2,496/yr (two months free) · Cancel anytime

Powered by AWS Cloud Computing

“The DoD spends $80B/year with small businesses. The only thing standing between you and bidding on a slice of it is one piece of paperwork. Get Started Now.”

$80B+
Yearly DoD small-biz spend
23%
Statutory set-aside floor
15
Safeguards to bid-eligible
Mondays
We email new contracts
open a federal revenue channel

The government already buys what you sell.

You do not need a new product or a new pitch. Whatever your business already does, a federal agency is buying it right now, every day, all year. The only thing in your way is proving you are secure enough to do business with them.

Find your business. The government is already buying it.

Federal agencies awarded over $185 billion in the categories below last year alone. Find yours.

The government buys this

Construction and the trades

New facilities, renovations, roads, roofing, electrical, plumbing, HVAC.

$32B+
awarded · FY2025
33,000+
contracts
The government buys this

Manufacturing and machining

Parts, components, custom fabrication, assemblies, repairs, tooling.

$21B+
awarded · FY2025
100,000+
contracts
The government buys this

IT and software

Software, cloud, cybersecurity, help desk, development, hardware.

$67B+
awarded · FY2025
78,000+
contracts
The government buys this

Professional services

Consulting, training, staffing, logistics, program and admin support.

$13B+
awarded · FY2025
29,000+
contracts
The government buys this

Products and supplies

Equipment, tools, furniture, safety gear, materials, spare parts.

$6.4B+
awarded · FY2025
489,000+
contracts
The government buys this

Facilities and operations

Janitorial, grounds, maintenance, security, food service, warehousing.

$46B+
awarded · FY2025
36,000+
contracts

Source: USAspending.gov, FY2025. Each total covers the main federal buying codes in that category. This work runs through everyday businesses in all 50 states, small machine shops, IT shops, contractors, cleaning crews, and suppliers, not just the big primes.

Do not see your exact trade? It is still there. The government buys nearly everything a business can sell. See what the government buys in your industry.

the one requirement

The only catch: you have to be secure enough to do business.

The government will not buy from a business it cannot trust with its information. So before you can sell, you prove that you are secure. That proof is called Cybersecurity Maturity Model Certification. For most small businesses, the level you need is Cybersecurity Maturity Model Certification (CMMC) Level 1, the federal baseline for safely handling Federal Contract Information. It is the one thing standing between your business and the contracts, and you can build your entire package free with Custodia.

STEP 01

You already sell it

Your everyday products and services are on federal buying lists right now. No new business required.

STEP 02

Get secure to qualify

Meet Cybersecurity Maturity Model Certification (CMMC) Level 1, the baseline to handle federal information. Build it free in the platform, no credit card to start.

STEP 03

Bid and win, year round

Post your affirmation, attach your bid ready package, and compete for the work every day of the year.

7-day free trial · No credit card required · Cancel anytime

$80B+
DoD prime contracts to small businesses
Awarded annually (DoD OSBP, FY23 small business goaling report)
220,000+
Businesses required to meet Cybersecurity Maturity Model Certification
Per DoD’s CMMC final rule regulatory impact analysis
23%
Federal prime contract dollars reserved for small business by law
Small Business Act, 15 U.S.C. § 644(g) statutory goal
how it works

How Custodia’s platform actually works

You drive. Charlie — your virtual compliance officer — sits in the side rail and answers any question you have along the way. One short pass a year, then we watch it for you. No consultant. No three-month sprint.

STEP 01

Set up your workspace

Sign up, fill in your org profile, registrations (UEI, CAGE, NAICS), scope, and system boundary. Short forms, plain English. Charlie’s in the rail if you get stuck on a term.

Custodia: No 40-field intake. Just the fields that matter, one section at a time.
STEP 02

Work the 15 safeguards

Click each CMMC Level 1 safeguard. Answer the questions, attach the evidence you have. Your SSP, policies, and evidence templates assemble from your real answers — not a generic PDF.

Custodia: Stuck on a control? Ask Charlie. He explains it your way, not the auditor’s.
STEP 03

Sign + submit

Your senior official signs the SPRS affirmation right in the app. The bid-ready packet is one ZIP download — SSP, policies, evidence, and self-assessment.

Custodia: Attach it to any bid. Hand it to any prime. You’re actually ready.
STEP 04

Year-round, on autopilot

Charlie watches evidence freshness, pings you before the annual re-affirmation, and updates the package when CMMC or your scope changes. You stay bid-ready.

Custodia: One short pass a year. The other 364 days, we’re watching for you.

CMMC Level 1 is the gate to billions in federal small-business spend — and once you’re through it, the money is real. Custodia is the only platform that gets a small business through it this fast, at this price, with this much hand-holding. Nobody else does it like this.

your data, your control

“Is my data safe with Charlie?”

Short answer: yes — and here’s exactly why, in plain English. Custodia is built by people preparing CMMC packages with you, so the platform itself is held to the same standard we’re helping you reach.

where it lives

U.S. cloud, locked down

Your data sits on enterprise U.S. infrastructure (Vercel + Neon Postgres) — the same kind banks and federal contractors use. Encrypted at rest with AES-256. Encrypted in transit with TLS. Hosted only in the United States.

double-locked

We add a second lock on top

On top of the cloud’s encryption, we wrap your tenant’s data in a second layer of encryption with a key that’s unique to your organization. Even our own database admins can’t read your records without going through that key.

what Charlie sees

Charlie never sees your secrets

Before anything goes to the AI, sensitive fields — Social Security numbers, phone numbers, emails, payment details — are scrubbed out. Charlie sees the shape of the work, not the personal details. Everything sensitive stays inside our perimeter.

no training

Nothing you say is used to train AI

Charlie runs on top-tier enterprise AI infrastructure under a business agreement that prohibits training on your data. Your conversations and documents are not used to train any AI model. Your data is yours.

tenant isolation

Your stuff can’t leak into someone else’s

Every action, every database query, every AI tool call is bound to your organization at the server. There’s no “shared workspace.” Another customer’s Charlie literally cannot read your records — it’s enforced at the database layer on every byte.

if the worst happens

Even a breach gives them ciphertext

If an attacker somehow got the database, they’d get scrambled bytes. Without your tenant’s key, it’s unreadable. If you ever leave, we can crypto-shred your key — and your data is mathematically gone, forever.

the journey of one answer

What happens when you type something to Charlie

  1. STEP 1
    You type

    Your message leaves your browser over an encrypted TLS connection — the same lock your bank uses.

  2. STEP 2
    We scrub

    On our server, we strip out PII (SSNs, phones, emails, payment numbers) before anything goes to the AI.

  3. STEP 3
    Charlie thinks

    Our enterprise AI provider processes the scrubbed text under a business agreement that prohibits training on your data.

  4. STEP 4
    We save

    The answer is written back to your tenant’s storage, encrypted twice — once by the cloud, once by your tenant key.

We hold ourselves to the same standard we’re helping you reach. Your CMMC work belongs to you — not to us, not to the AI, not to anyone else. Read the long version any time on our security page.

the stakes

Your business is on the front line.

The minute you handle data for the U.S. government, you become a target. Foreign adversaries — China, Russia, Iran, North Korea — hunt small American defense contractors because we’re the easiest way into the country’s biggest programs. Custodia puts a shield between your business and them, and keeps it up year-round so you can focus on winning the work.

What happens to small businesses that get this wrong

Contracts pulled

Primes drop you

When a prime audits your security and finds gaps — or you can’t answer their questionnaire — the work goes to someone else. You don’t get a second chance, and other primes hear about it.

Federal lawsuits

False Claims Act exposure

Filing a SPRS affirmation that isn’t true is a federal violation under 18 USC 1001 and the False Claims Act. The DOJ’s Civil Cyber-Fraud Initiative is actively pursuing contractors. Recent settlements have run from $1M to over $9M.

Adversaries get in

Foreign actors steal your work

State-sponsored hackers target defense small businesses because we’re the soft underbelly of the supply chain. One ransomware hit, one spear-phish, and your IP, your contract data, and your business can be gone overnight.

the custodia shield · zero-trust security

Built so even we can’t read your FCI.

Custodia is engineered on AWS with envelope encryption, per-tenant keys, and a zero-AI-training pledge. If our database leaked tomorrow, your Federal Contract Information would still be ciphertext — useless to attackers, useless to us, useless to any AI. That’s the bar. That’s the shield.

AWS KMS

Keys live inside AWS. Always.

Your data is protected by AWS KMS-backed envelope encryption. The master key never leaves AWS — not into our servers, not into our env vars, not into a backup. Every key use is logged in AWS CloudTrail. To decrypt, an attacker would need to compromise AWS itself.

Per-Tenant Keys

Your tenant. Your key.

Every customer gets its own Data Encryption Key. Your ciphertext is mathematically useless to any other tenant — even if the entire database leaked. No shared keys, no shared encryption surface, no blast radius across customers.

Zero AI Training

Charlie reads. Charlie forgets.

Charlie only runs on enterprise AI providers under a no-training, zero-retention contract. Your FCI is never used to train any model — ours or anyone else’s. He answers your question in-context, then the context is gone.

U.S. Only

Your FCI never leaves the U.S.

Application, database, and AWS KMS keys are all hosted in U.S. regions. No foreign hops, no foreign sub-processors touching your evidence. Aligned with FAR 52.204-21 and NIST SP 800-171 r2 — the same standard your SPRS affirmation attests to.

the custodia pledge

What we will never do with your data.

  • Never use your FCI to train AI — ours or anyone else’s.
  • Never sell, share, or syndicate your data to brokers or marketers.
  • Never store encryption keys in plaintext or outside AWS KMS.
  • Never let Charlie act on your data without your in-app request.
  • Never host your FCI outside the United States.
Powered by AWS Cloud Computing
KMS · CloudTrail · U.S. Region
Built on AWSAWS KMS Envelope EncryptionZero-Retention AIFAR 52.204-21 AlignedU.S. Region Only

You stay safe. You keep bidding. You keep winning. Custodia stands watch.

Custodia BidFed handles CMMC Level 1 / FCI only. We are not FedRAMP Authorized and do not store Controlled Unclassified Information (CUI). The architecture above is aligned with FAR 52.204-21 safeguarding and the FCI scoping principles in NIST SP 800-171 r2.

the yearly rhythm

CMMC isn’t a one-and-done. It’s a yearly cadence.

Compliance protects your business and unlocks contracts only as long as your posture is current. Custodia handles the one-time setup, then runs the yearly cycle on autopilot so you stay secure, stay bid-ready, and never scramble at re-affirmation time.

Once, at the start

The setup (week 1–2)

A few hours of structured work to build the foundation. Do it once, you’re bid-eligible.

  • Business profile — fill it in yourself or capture it in conversation with Charlie
  • Federal registration — SAM UEI, CAGE, NAICS, contractor location code
  • Scope inventory — the people, devices, and places that touch FCI
  • Walk all 15 FAR 52.204-21 safeguarding requirements in plain English
  • Upload evidence per control (screenshots, exports, signed rosters, policies)
  • Auto-drafted SSP narratives — accept or edit in one click
  • Generate your first bid-ready package: signed affirmation, SSP, evidence ZIP
  • File your initial SPRS affirmation
Every week, every month, every year

The yearly engine (months 1–12, every year)

Custodia runs the cadence so your shield stays up and your pipeline stays full.

  • Every Monday — SAM.gov radar email with new contract opportunities matched to your NAICS (in-app inbox keeps a rolling history; toggle email on/off in your bid profile)
  • Continuously — AI evidence freshness watchtower flags expiring scans, screenshots, training, and policies before they go stale
  • On demand — one-click Charlie-tailored packet for any specific opportunity
  • Quarterly — posture-drift detection flags changed controls and new requirements
  • October 1 — annual SPRS re-affirmation prepped automatically — included, no extra fee
  • Anytime — open a ticket, a Custodia compliance officer answers your CMMC question
JAN
Q1 push
FEB
FY mid-year
MAR
Q2 ramp
APR
Pipeline build
MAY
RFP season
JUN
Q3 spend
JUL
Pre-EOFY
AUG
EOFY surge
SEP
Use-it-or-lose-it
OCT
Re-affirm
NOV
New FY
DEC
Q1 prep
Federal Q4 (Aug–Sep) is the spend surge. Oct 1 is your re-affirmation deadline. Custodia keeps you ready for both, every year.
the opportunity engine

The goal: stay bid-eligible all year.
Then bid with confidence.

Once you’re CMMC Level 1 secure, you’re eligible to handle Federal Contract Information — that’s the gate. Custodia’s job after that gate is to keep your posture watched and put live, matched opportunities in front of you every week, so when you choose to bid, you bid with a defensible package and current evidence behind you.

Included free · on by default

Every Monday at 7am, the contracts find you.

Custodia scans SAM.gov, DSIP, GSA eBuy, and the major federal opportunity feeds, then emails you a curated digest of the live solicitations matched to your NAICS codes — with deadlines, set-aside flags, and one-click Charlie tailoring already wired up.

  • Matched to your NAICS, location, and size profile
  • Set-aside flags: SDB, WOSB, HUBZone, 8(a), VOSB / SDVOSB
  • Sorted by closing date so you act on what’s urgent first
  • Every email links straight into your in-app inbox — full history kept
  • One click: Charlie tailors your bid-ready packet to that specific solicitation
  • Or skip the email and ask the in-platform AI: ‘find me cyber contracts in 541512 closing in 30 days’ — live SAM.gov search is built into the chat
  • Don’t want the email? Toggle it off in your bid profile in 2 seconds

“The hardest part of fed contracting isn’t bidding — it’s knowing which contract to bid on. Custodia tells you.”

C
Custodia — This Monday’s federal opportunities
opportunities@bidfedcmmc.com · to you · 7:02 AM
DoD — Cyber Systems Engineering Support
NAICS 541512 · $4.2M ceiling · closes in 12 days
SDVOSB set-aside5-yr IDIQ
GSA — IT Services Schedule 70 task order
NAICS 541511 · $280k · closes in 9 days
Small biz set-aside
Air Force SBIR Phase II direct-to-Phase II
NAICS 541715 · $1.7M · closes in 21 days
SBIRPhase II
+ 4 more matches in your inbox · manage emails in your bid profile

Sample digest. Real opportunities pulled live from federal feeds.

1

Get CMMC Level 1 secure

You complete the 15 safeguarding requirements, capture evidence, and file your SPRS affirmation. You’re now legally eligible to handle Federal Contract Information — the gate is open.

2

Join the bid-ready community

You’re now part of a network of small businesses securing themselves for federal work. Custodia delivers matched opportunities every week and points Charlie’s tailoring engine at any one with a single click.

3

Stay watched all year

Connect Microsoft 365 or Google Workspace and Custodia continuously monitors your evidence, flags expiring scans and stale rosters, and preps your annual SPRS re-affirmation every October — so your bid eligibility never quietly drifts.

You secure the business. We surface the opportunities, watch your posture, and keep your evidence fresh year-round.
why custodia

Built by CMMC professionals. Self-serve, officer-supported.

Most compliance products are templates and forms. Custodia is a cybersecurity firm with a Platform built to take you from zero to bid-ready hands-off — with our compliance officers on-call via tickets whenever you need a real human answer.

Cybersecurity firm, not a template

Custodia is a veteran-owned cybersecurity firm in Pittsburgh, PA. We staff compliance officers, not customer-success reps. The Platform takes you from zero to bid-ready on its own — the officers are on-call when you need a human.

CMMC Level 1 specialists

We do one thing — CMMC L1 for FCI handlers — and we do it all the way. No scope drift into L2 or L3. The 15 safeguarding requirements are our entire focus.

Officers on-call via in-app tickets

Hit a question The Platform can’t answer? Open a ticket. A Custodia compliance officer responds with audit-grade guidance, in writing, in The Platform — included with every active membership.

The Custodia Guarantee

If a prime or contracting officer challenges your package, we assign a dedicated officer to resolve it — including direct communication with the prime, until your package is accepted.

Veteran-owned, mission-aligned

Built by people who understand federal procurement from the inside. We’re here to expand the small-business defense industrial base, not extract from it.

Annual re-affirmation included

Compliance isn’t one-and-done. We monitor changed controls year-round, flag expiring evidence, and prepare your next SPRS re-affirmation every October — included in your membership.

15
Safeguards covered
100%
Bid-ready rate
$150K+
Avg. contract value
your journey

From signup to a defensible bid-ready package

Here’s the path you’ll walk inside The Platform during your 7-day free trial — bid-ready by mid-week, no credit card required to start. Membership keeps your posture watched, your evidence fresh, and your vCO on call all year.

  1. 01
    DAY 130 seconds

    Create your account

    Sign up with email through Clerk — no credit card required. Land in The Platform and pick up where you left off across devices. You won’t add a payment method until day 7, if you choose to stay.

  2. 02
    DAY 15 minutes

    Fill in your org profile

    Short workspace forms capture your business, the FCI you handle, and your tech stack — the legal-identity details you’d otherwise type into a 40-field intake. Charlie’s in the side rail if a question stumps you.

  3. 03
    DAY 2–330–60 minutes per session

    Walk the 15 CMMC requirements

    Each FAR 52.204-21 requirement is explained in plain English with capture steps tailored to your stack — M365, Google Workspace, Okta, AWS, on-prem, or no IT at all.

  4. 04
    DAY 2–4As you go

    Upload your evidence

    Screenshots, exports, signed rosters, policy PDFs. The Platform tags every artifact to a control and tracks your readiness score in real time.

  5. 05
    DAY 4Auto-drafted

    Draft your SSP narratives

    Auto-generated SSP narratives for every control, written from your inputs. Accept or edit in one click — no blank-page panic.

  6. 06
    DAY 5On demand

    Generate your bid-ready package

    Charlie auto-reviews every artifact for instant gap detection. Generate the bid-ready ZIP: SSP, signed affirmation memo, evidence inventory. With days to spare in your 7-day trial, you can ask Charlie to surface matched opportunities, draft prime questionnaire responses, and brief you for outreach — before you ever add a card.

  7. 07
    MEMBERSame day

    File in SPRS and start bidding

    Step-by-step SPRS submission instructions. The moment you affirm, you can respond to prime questionnaires, agency RFPs, SBIR Phase II solicitations, and small-business set-asides — with a defensible package behind you.

  8. 08
    MEMBERRe-affirmation included

    Stay compliant, year-round

    Custodia monitors changed controls, flags expiring evidence, and prepares your next SPRS re-submission every October — at no extra charge while your membership is active.

where it ends

You, bidding with a defensible package — and watched all year.

All 8 steps happen inside your 7-day free trial. Steps 1–6 (build to bid-ready) typically wrap up by mid-week. Steps 7–8 are where membership earns its keep: continuous monitoring through your M365 or Google Workspace tenant, freshness alerts, year-round vCO, and your annual SPRS re-affirmation. $249/mo Self Service (or $2,496/yr — two months free) only kicks in if you stay past day 7, or $397/mo if you want a credentialed Custodia Compliance Officer assigned to your account ($3,996/yr on annual).

7-day free trial · No credit card required · $249/mo after (or $2,496/yr on annual — two months free)

inside the platform

Everything you need to go from zero to bidding.

The Platform isn’t a checklist app — it’s a complete operating system for federal contracting. Here’s every capability you get, mapped to the four phases of winning the work.

phase 01

Build your posture

included in trial

Walk the 15 safeguarding requirements, capture evidence, draft your SSP — without writing it from scratch.

  • Charlie at your side, start to finish. Your virtual Compliance Officer fills in your business profile, drafts narratives, and answers questions in plain English — or stays out of the way if you’d rather type.
  • All 15 requirements, plain English. Each FAR 52.204-21 safeguarding requirement walked with capture steps tailored to M365, Google, Okta, AWS, on-prem, or no IT at all.
  • Evidence vault per control. Tag screenshots, exports, signed rosters, and policy PDFs to the controls they prove.
  • Auto-drafted SSP narratives. Every control’s SSP section pre-written from your inputs. Accept or edit in one click.
  • Live readiness score. Real-time domain-by-domain progress so you always know what’s left.
  • AI-drafted capability statement. Federal-format one-pager generated from your inputs — ready to attach to any bid.
phase 02

Bid with confidence

included in trial

AI-automated, officer-supported. Generate your bid-ready package on demand and tailor it to every opportunity in one click.

  • AI evidence auto-review. Every artifact is auto-reviewed against the practice it proves — instant gap detection without waiting on a human.
  • Bid-ready package on demand. Signed affirmation memo, full SSP, evidence inventory ZIP — generate any time you’re ready.
  • AI per-opportunity packet tailor. Paste a SAM.gov notice or click ‘Tailor’ from your radar — the package adapts to that solicitation.
  • Cover letter + executive summary. Auto-drafted for the specific contracting officer or prime, in your voice.
  • SPRS submission instructions. Step-by-step walkthrough so the affirmation files clean on the first try.
  • Officer ticket support. When you have a CMMC question only a human can answer, open a ticket — a Custodia compliance officer responds in writing.
phase 03

Find the contracts

included in trial

Opportunities matched to your business, delivered to your inbox before the news hits LinkedIn.

  • SAM.gov opportunity radar. Every Monday morning we pull new SAM.gov notices matched to your NAICS codes and set-aside eligibility.
  • Inbox view of matched notices. All your matched opportunities in one place — dismiss, view on SAM, or tailor a packet in one click.
  • Fiscal compass. Federal-fiscal-year calendar in-app: end-of-year obligation surges, Q4 spend windows, micro-purchase thresholds.
  • Milestone reminders. Email nudges before SPRS deadlines, prime audits, and re-affirmation due dates.
  • Bid profile. Set your NAICS, set-asides, place of performance, and capability tags — everything keys off this.
phase 04

Stay compliant, year-round

included in trial

Compliance isn’t one-and-done. The Platform watches your posture so you don’t have to.

  • Evidence freshness watchtower. Auto-flags expiring scans (30d), screenshots (90d), training, policies, and certs — before they go stale.
  • Compliance officer rail. In-app escalation channel: ask any question and a Custodia officer responds with audit-grade guidance.
  • Annual re-affirmation included. Every Oct 1 your next SPRS submission is prepped — no fire drill, no extra fee.
  • Posture-drift detection. Changed controls, new requirements, framework updates — we flag exactly what to fix.
  • Custodia Guarantee. If a prime or contracting officer challenges your package, we resolve it — including direct comms with the prime.
  • Audit-ready archive. Every artifact, signature, and review preserved with full chain-of-custody for inspection.

Every capability above is included in your 7-day free trial — the build, Charlie’s opportunity sourcing, the bid generator, year-round monitoring, and the officer.

Sign up with email — no credit card required. Build your CMMC Level 1 package in week 1, connect M365 or Google Workspace for continuous monitoring, and let Charlie surface matched opportunities. $249/mo Self Service (or $2,496/yr on annual — two months free) only kicks in if you stay past day 7.

your potential profit

One contract pays for years of Custodia.

Federal small-business contractors run on 8–15% net margins. The math on whether Custodia is worth it isn’t close — here’s what a single won bid does to your numbers.

First sub-contract
Contract value
$150,000
Net at 10%
$15,000
Pays for
~2.8 years of Custodia
2.8x return on subscription
SBIR Phase II
Contract value
$400,000
Net at 8%
$32,000
Pays for
~5.9 years of Custodia
5.9x return on subscription
Prime sub-contract
Contract value
$1,200,000
Net at 10%
$120,000
Pays for
22+ years of Custodia
22x return on subscription
You pay
$249/mo
$2,496/year on annual · two months free · cancel anytime
You earn (per single $400k SBIR win)
+$32,000
Net profit on one contract · gates years of Phase III

“If a single matched sub-contract The Platform sends you converts, Custodia is paid for through 2028.”

Source ranges based on FY2023 SBA Small Business Goaling Report and DoD CAS / FAR 15.404 weighted-guidelines analysis. Net margins for federal small-business contractors typically run 6–20% depending on contract type (cost-plus, FFP, T&M, sub-contract). Your numbers will vary — the directional math doesn’t.

Save two months on annual$249/mo Self Service — or $2,496/yr (two months free). Add a Custodia Compliance Officer assigned to your account for $475/mo $397/mo ($3,996/yr).
Limited-time bonus on Self Service

Right now, every Self Service trial includes 30 days of a credentialed Custodia Compliance Officer personally on your account — the Officer plan experience, free, alongside your 7-day trial. Walk every safeguard step by step so your team attests with confidence. After 30 days you continue on Self Service with the Custodia Guarantee bench year round.

Bonus runs while we have capacity. No commitment past day 7.

the offer

Everything you need to bid federal — and stay compliant year-round.
$0 today. $249/mo if you stay.

Try the entire platform — build, bid, monitor, maintain — free for 7 days. No credit card required. Cancel any time inside the platform. If you stay, your assigned compliance officer is on call year-round — that is the Custodia Success Guarantee.

The Custodia Bid-Ready Engine

CMMC Level 1 + Weekly Opportunity Radar + Officer Backing

One platform. One subscription. Everything you need to go from zero to bidding to winning.

What you get the moment you start

Here’s every piece — with what it’s worth on its own.

  • ✓ Charlie-guided CMMC Level 1 Build
    Your vCO walks all 15 FAR 52.204-21 safeguarding requirements (59 NIST 800-171A objectives) in plain English — no jargon, no blank pages.
    value
    $2,400
  • ✓ Auto-Drafted SSP & Affirmation Memo
    Your System Security Plan and signed affirmation, pre-written from your inputs.
    value
    $1,800
  • ✓ Bid-Ready Package Generator
    One-click ZIP: SSP, affirmation, full evidence inventory — ready to attach to any RFP.
    value
    $3,500
  • ✓ AI Evidence Auto-Review
    Every artifact you upload runs through gap detection instantly. No waiting on humans.
    value
    $1,200/mo
  • ✓ Weekly SAM.gov Opportunity Radar
    Every Monday at 7am: live federal contracts matched to your NAICS, in your inbox.
    value
    $497/mo
  • ✓ Live SAM.gov Search In-Chat
    ‘Find me cyber contracts in 541512 closing in 30 days’ — Charlie searches live, right inside the platform.
    value
    $297/mo
  • ✓ AI Per-Opportunity Packet Tailor
    One click on any SAM.gov notice and your bid package adapts to that solicitation.
    value
    $897/bid
  • ✓ Compliance Officer On Demand
    Open a ticket any time and a real Custodia compliance officer answers in writing.
    value
    $300/hr
  • ✓ Year-Round Posture Watchtower
    We flag expiring scans, screenshots, training, and changed controls before they bite.
    value
    $1,200/yr
  • ✓ Annual Re-Affirmation, Done For You
    Every Oct 1 your next SPRS submission is prepped. No fire drill, no extra fee.
    value
    $1,500/yr
  • ✓ The Custodia Guarantee
    If a prime or contracting officer challenges your package, an officer resolves it — including direct comms with the prime.
    value
    Priceless
Plus four free bonuses (this week only)
  • BONUS #1 — AI-Drafted Federal Capability Statement
    The federal-format one-pager every prime asks for, generated from your inputs.
    value
    $497
  • BONUS #2 — Fiscal Compass
    Federal calendar in-app: end-of-year obligation surges, Q4 spend windows, micro-purchase thresholds.
    value
    $297
  • BONUS #3 — Milestone Reminder System
    Email nudges before SPRS deadlines, prime audits, and re-affirmation due dates.
    value
    $197
  • BONUS #4 — Daily Discover Feed
    15 fresh, CMMC Level 1-fit SAM.gov opportunities matched to your NAICS, refreshed every day you log in. Plus a Monday digest of the week’s newest contracts in your inbox.
    value
    $597/yr
Total real-world value
$13,000+ /year
Save two months on annual
$2,496/yr
Self Service monthly
$249/mo
What you pay today to start
$0

Math check: at $249/mo your Self Service subscription is $2,988/year — or pay $2,496 upfront and skip two months. Want a credentialed Custodia Compliance Officer assigned to your account? Add Custodia Officer for $397/mo ($3,996/yr). Either way, your CMMC posture stays watched the whole time.

7-day free trial · No credit card required · Cancel anytime · CMMC L1 Success Guarantee

Prefer annual? $2,496/year on Self Service or $3,996/year on Self Service + Custodia Officer — two months free either way.

The Custodia Triple Guarantee

We take all the risk. You bring the business.

#1

CMMC Level 1 Success, or We Stay With You

Try Custodia free for 7 days — no credit card required to start. Most users complete their CMMC Level 1 package in 3–5 business days inside The Platform. If you stay and your package isn’t defensible to FAR 52.204-21 standard, your assigned compliance officer rebuilds it with you, on our time, until it is. The platform is the leverage. The officer is the guarantee.

#2

Officer-Backed Challenge Resolution

If a prime or contracting officer ever challenges your package while you’re a member, a Custodia compliance officer takes over the conversation — including direct comms with the prime — until your package is accepted. We don’t hand you off. We resolve it.

#3

Year-Round Posture Watchtower

As long as you’re a member, your compliance posture is watched. Connect Microsoft 365 or Google Workspace and Custodia continuously monitors evidence freshness, flags expiring scans/screenshots/training, and preps your annual SPRS re-affirmation every October. Your vCO is on call all year — no fire drills, no extra fees.

“Try the platform free for 7 days — no card. Go bid-ready in week 1. Connect M365 or Google Workspace and we watch your evidence year-round. If a prime fights your package, we fight for you. If you don’t see a worth-bidding opportunity in your first year as a member, your second year is free.”

Our Average User

The average Custodia user is bid-ready
inside the 7-day free trial.

Not a hand-picked success story. Not the top 1%. The middle of the pack. Here’s exactly what the typical user builds at every stage — from sign-up to SPRS-affirmed and watched all year.

Federal bid-eligibility
100%

of users who complete all 15 FAR 52.204-21 safeguarding requirements on Custodia file a defensible SPRS Level 1 affirmation — the legal prerequisite to handle Federal Contract Information and bid on FCI-scoped contracts.

Custodia handles CMMC Level 1 only. Awards depend on your bid quality, agency selection, and competition — not the platform. We secure your eligibility; you secure the business.

The Average User Journey

From sign-up to bid-eligible — here’s the median path.

Day 0
Free trial
Signs up with email. No credit card. In the workspace in under a minute.
Day 3
Bid-ready
Completes all 15 FAR 52.204-21 safeguarding requirements. Signs SSP.
Day 4
SPRS affirmed
Annual L1 affirmation filed. Visible to primes and contracting officers.
Day 5
Connectors live
Connects M365 or Google Workspace. Continuous monitoring + freshness alerts switch on.
Day 6
First bid
Asks Charlie for matching opportunities and submits a first response — with a defensible package attached — before the trial ends.
Day 7
Decision
Trial ends. Add a card to stay at $249/mo Self Service (or $2,496/yr on annual) or $397/mo with a credentialed Custodia Compliance Officer assigned to your account ($3,996/yr on annual) — or cancel, and you keep the bid-ready package you built either way.
Quarter 1
vCO on call
Officer answers tickets, defends your package against any prime challenge, and reviews any new evidence the connectors flag.
Year 1
Re-affirmed
Annual SPRS re-submission prepped automatically every October. Posture stays current. Bid-eligibility never quietly drifts.
Time invested
~9 hrs

Total hours the average user spends inside The Platform to go from zero to SPRS-affirmed. Most do it after-hours over a single week.

Opportunities surfaced
~120/yr

NAICS-matched federal RFPs, sub-contracts, and SBIR solicitations Charlie surfaces in your first year — live SAM.gov + agency feeds, sorted by closing date.

Posture watched
365 days

Continuous monitoring of access controls, MFA, audit logs, and authorized-user roster through your M365 or Google tenant — with freshness alerts before evidence goes stale.

The math the average user runs

Spend week 1 finishing CMMC Level 1. Connect M365 or Google. Stay bid-eligible all year. Decide on day 7 whether to keep going. No card to start.

We don’t promise contract wins — nobody legitimate can. We promise the only thing the platform actually controls: a defensible CMMC Level 1 package, year-round monitoring, and a vCO on call. The bidding is yours. The posture is ours.

7-day free trial · No credit card required · Cancel any time · CMMC L1 Success Guarantee

CustodiaA cybersecurity and compliance firm

Everything it takes to do CMMC Level 1. From a firm that does nothing else.

To win or keep federal contracts, you have to handle Federal Contract Information, and that means your business has to be CMMC Level 1 secure. It is mandatory now, not optional. Custodia is the cybersecurity firm that gets you there and protects you the whole way, to the highest standard, so your business becomes the safe, easy yes for any prime or contracting officer. We give you every layer it takes: a guided platform, a credentialed human officer on your account, the book, and free resources. Nothing else in the market puts all of it in one place.

The layers of Custodia

Pick your path, or use them all.

The platform · $249/mo

Done with you, guided

Charlie, your virtual compliance officer, walks all 15 safeguards in plain English, drafts your SSP, builds your bid ready package, and watches your posture all year.

Start free
The officer · plus $397/mo

A credentialed human, assigned

Upgrade and a real Custodia Compliance Officer is assigned to your account. They review your package, sign off before you affirm, and stand in front of any prime that pushes back.

Add an officer
The book

Secure Your Business. Win Contracts.

The do it yourself field guide. Every worksheet, policy, the SSP, and the affirmation, start to finish, by your own hand. The lowest cost path.

Available at AmazonGet the book
Free resources

Start at zero cost

Step by step guides, plain English explainers, and a free CMMC Level 1 check that shows the federal money in your industry. Begin today without spending a dollar.

Take the free check
The human layer

Add a credentialed human officer. Assigned to you.

This is where you stop worrying. The platform ($249/mo) gives you Charlie, the guided build, and your bid ready package. Add a credentialed Custodia Compliance Officer ($397/mo or $3,996/yr) and a real expert is assigned to your account, watching your back. They answer from inside the platform, one business day response, Monday to Friday 9am to 4pm Eastern (Pittsburgh), and stay scoped to CMMC Level 1 for your business. You are protected to the same standard we hold ourselves to.

Who you get
Your Custodia Compliance Officer
Master’s educated · Industry credentialed · Federally seasoned
  • MS in cybersecurity, information assurance, or a closely related field
  • CMMC aligned credentials such as CISSP, CCP, CCA, or equivalent
  • Years of hands on federal compliance work across FAR 52.204-21, NIST SP 800-171, SPRS, and DFARS 7012
  • Vetted, background checked, and U.S. based, not a tier one agent reading a script
  • Knows your tenant, your scope, your primes, and your bid posture by name
Charlie, your vCO, handles the workflow on every plan. The Officer upgrade adds a credentialed human in the loop, the one who signs off when the stakes are real.
Anything CMMC Level 1, anytime

Stuck on a control? Prime asking for evidence? A DFARS 7012 clause you do not recognize? Your officer is one message away, same business day, all year, no ticket queue.

Pre submission review

Before you affirm in SPRS, your officer reviews the entire package, objective by objective, and signs off. If it is not defensible to standard, it does not go out.

Prime and CO challenges, handled

If a prime or contracting officer questions your posture, your officer steps in, including direct communication with the prime, until your package is accepted. That is the Custodia Guarantee, in person.

Personal, not pooled

You get assigned. The same officer every time. They learn your environment, your contracts, and your risk profile, and stay with you across reaffirmation cycles.

The compliance ROI

A compliance officer, without the six figure hire.

Hire your own
$100,000+ / yr

A full time compliance officer is a six figure salary plus benefits, plus the months it takes to find one. One person, one schedule, and you still have to buy the tools.

Custodia officer plus platform
$3,996 / yr

A credentialed officer on your account, the platform doing the work, year round monitoring, the guarantee, the book, and the free resources. About two weeks of a full time hire covers your whole year.

You get expert protection for CMMC Level 1 all year, for a fraction of one salary. That is the safest, highest return way to get secure, get certified, and stay bid ready.

Who you are trusting

The values behind the firm

Secure to federal standard

Your package is built line by line from the official DoD CMMC Level 1 documents, version 2.13. Not a generic checklist.

Real cybersecurity professionals

Veteran owned, Carnegie Mellon trained, with an ISO 27001 Lead Auditor on staff. We do this for a living.

Held to our own standard

We protect your Federal Contract Information the same way we help you protect it. Per tenant encryption, U.S. only, zero AI training.

Built for the long run

CMMC Level 1 is not one and done. We watch your posture and prep your annual reaffirmation every year, so you stay bid ready.

There is nothing else like this in the market. A cybersecurity firm, an AI compliance officer, a credentialed human officer, the book, and free resources, all in one place, built for ongoing CMMC Level 1 compliance and support. Search CMMC Level 1 and see for yourself.

Start My 7-Day Free TrialUpgrade to Officer →

7-day free trial · No credit card required · $249/mo · Cancel anytime

Frequently asked questions

How does the 7-day free trial work?+
What does the Custodia Officer plan actually include?+
How do you keep my FCI secure?+
Does Charlie or any AI train on my FCI?+
Is CMMC Level 1 mandatory for all federal contractors?+
How long does the build take?+
What if a prime pushes back on my package?+
What does ‘year-round posture watchtower’ actually do?+
Do I need a cybersecurity background to use The Platform?+
What is included in the annual re-affirmation?+
Why pay for this when I could DIY the 15 requirements?+
What is the EMEC Protocol?+