Solution · Cyber Insurance

See your domain exactly as underwriters see it

Before your cyber insurance quote arrived, the underwriter plugged your domain into BitSight or SecurityScorecard. That automated scan checked your DMARC policy, SSL certificate, open ports, and HTTP headers, then attached a risk score to your application. ComplianceLayer runs the same checks, so you see the same picture before the renewal.

Use Case: Pre-audit assessment
Primary Value: No claim-denial surprises
Surface: Full domain scan report
Access: External only — no credentials

15+ scan modules
4 risk categories checked
1 scan = pre-audit readiness
$0 required for first scan

Workflow

From scan to renewal confidence

Three steps. Fix issues before the underwriter finds them.

Step 01
Scan your domain

Enter your domain. ComplianceLayer runs the same external checks that underwriters use — DMARC, SSL, open ports, HTTP headers. No credentials, no internal access required.

DMARC · SSL/TLS · Open ports

Step 02
See your score

Get an A-F grade with a breakdown of every finding. See exactly which issues would trigger manual underwriting review, premium increases, or coverage exclusions.

Grade · Risk flags · Impact

Step 03
Fix before renewal

Get prioritized remediation steps. Fix DMARC policy, close exposed ports, add HSTS — and move from a C to a B in under a week. Go into renewal with the best possible score.

Remediation · Re-scan · Proof

Frameworks

Mapped to what insurers check

Insurance-relevant risk categories alongside the compliance frameworks your auditors ask for.

Cyber Insurance
Insurance Requirements
Match what underwriters check: DMARC policy, SSL grade, exposed ports, and HTTP headers. Know your score before the application.
SOC 2
Trust Services Criteria
Map email auth and infrastructure findings to Common Criteria controls. Evidence ready for auditor delivery.
NIST CSF
Cybersecurity Framework
External posture mapped to Identify, Protect, and Detect functions. Suitable for federal and enterprise environments.
ISO 27001
Information Security
Align domain scan results to Annex A controls for ISMS evidence packages and certification readiness.
CIS Controls
CIS Critical Controls
Coverage for network monitoring, secure configuration, and email/web browser protections from domain-level scans.
HIPAA
Healthcare Security
Support Security Rule evidence for covered entities and business associates. Domain hygiene as part of the picture.
Capabilities

What gets scanned

The four categories that drive the most weight in underwriting decisions — plus DNS and a full grade report.

Email authentication check
Verify DMARC policy, SPF record, and DKIM alignment. A domain without DMARC at p=reject is a red flag on every carrier scorecard.
SSL/TLS configuration
Detect expired certs, legacy TLS 1.0/1.1, and missing HSTS. Underwriters use SSL grade as a proxy for overall infrastructure hygiene.
Open port exposure
Flag exposed RDP (3389), Telnet (23), and FTP (21). Exposed RDP is one of the highest-risk signals in underwriting — some carriers exclude ransomware coverage when it's open.
HTTP security headers
Check for missing Content-Security-Policy, X-Frame-Options, and HSTS. Missing headers are weighted risk signals on most carrier scorecards.
DNS security
Validate DNSSEC, check for dangling DNS records, and detect subdomain takeover risks. DNS hygiene signals operational maturity to underwriters.
Full grade report
Get an A-F grade with prioritized findings and remediation steps. Know exactly which issues will trigger manual review, premium adjustment, or coverage exclusions.
Scan Result

See exactly what the underwriter will flag

A ComplianceLayer scan produces the same signal an underwriter gets from BitSight or SecurityScorecard — before your application is submitted. Fix the issues that matter, document the improvement, and walk into renewal with full visibility. Grade C or below can mean 15–30% premium increases, ransomware exclusions, or carrier decline.

Domain Scan Result
yourdomain.com · Mar 28, 2026
Pre-Audit
DMARC Policy: p=none — WARN
SSL Grade: B — TLS 1.2
Open Ports: 3389 exposed
HTTP Headers Score: 70 / 100
Overall Grade: C — 61 / 100
Insurance Risk Level: High — review likely

Run your pre-audit scan before the underwriter does

See your domain score, fix what matters, and walk into renewal with no surprises. Free scan — no credentials required.

No account required for first scan.