Iris scans your defense contracts for compliance clauses, tells you exactly what you need to do, and maps obligations to CMMC, NIST 800-171, and 330+ frameworks — automatically.
Iris does in minutes what takes compliance teams weeks — and catches what they miss.
Drop in PDFs and Word docs. Iris finds every DFARS, FAR, ITAR, and EAR clause — across your entire contract portfolio. No clause missed, regardless of how it's worded.
AI reads each clause and tells you exactly what to do — not "comply with ITAR" but "register with DDTC, designate an Empowered Official, screen all personnel for U.S. person status."
Synthesizes all obligations across all contracts into a single, prioritized action plan. Grouped by domain, assigned by role, ranked by urgency. Hand it to your team.
Maps contract clauses to CMMC, NIST 800-171, ISO 27001, and 330+ other frameworks. Shows exactly which controls you need and which you already cover.
Goes deeper than control-level mapping. Evaluates each of the 297 CMMC assessment objectives individually — the level of detail a C3PAO assessor expects.
Iris is a desktop app. Your contract documents stay on your machine. Only extracted clause text is sent for AI analysis — never the original document. Ever.
From contract scanning to framework compliance — one tool.
PDF.js and mammoth.js extract text locally. No cloud processing.
Built-in library catches DFARS, FAR, ITAR, EAR, CUI, and flow-down language.
Built-in AI included. Or bring your own: Anthropic, OpenAI, Azure, Gemini, Ollama.
See which clauses appear in which contracts. One view across your entire portfolio.
Critical, high, medium, low — based on regulatory impact and penalty risk.
Specific tasks a compliance officer can assign. Not restatements of regulations.
SCF-powered cross-reference: CMMC, NIST, ISO, SOC 2, FedRAMP, HIPAA, and more.
All 297 assessment objectives evaluated individually. Novel depth nobody else offers.
Professional reports with severity badges, obligation checklists, and action plans.
Microsoft 365 SSO. Scan documents from SharePoint Online and OneDrive for Business.
Monitors document sources. Notifies you when new contracts appear or change.
Enterprise customers add their own clause patterns. Import/export between instances.
Push findings to ControlPoint GRC. Updates CUI scoping, SSP, and POA&M automatically.
Flags contracts approaching their anniversary. Never miss a compliance review cycle.
One sign-in handles licensing, SharePoint, and OneDrive. No separate credentials.
REST API for programmatic scanning. Integrate Iris into your CI/CD or GRC pipeline.
From contract documents to compliance action plan in four steps.
Drop in PDFs or Word docs from your desktop, network share, SharePoint, or OneDrive. Iris recursively scans all subfolders.
Regex detection catches every DFARS, FAR, ITAR, EAR, CUI, and flow-down reference. Builds a cross-contract compliance matrix.
AI analyzes each clause and tells you exactly what your company needs to do — specific, actionable, assignable tasks.
Auto-maps obligations to CMMC, NIST 800-171, and 330+ frameworks. Shows gaps down to individual assessment objectives.
AI analysis included in every paid tier. No per-scan charges.
Compare Iris to how you're doing it today.
| Capability | Manual / Spreadsheets | Legal Review | ControlPoint Iris |
|---|---|---|---|
| Scan 75 contracts | Weeks | Weeks + $$$ | Minutes |
| Catch every clause | Human error | Depends on attorney | Exhaustive regex + AI |
| Actionable obligations | Manual interpretation | Yes, expensive | AI-generated checklists |
| Cross-contract matrix | Manual spreadsheet | Not their job | Automatic |
| Framework mapping | Separate project | Not their scope | 337 frameworks, instant |
| CMMC AO-level gaps | Doesn't exist | Doesn't exist | 297 objectives evaluated |
| Documents stay local | Yes | Shared with firm | Desktop app |
| Ongoing monitoring | Manual | Per-engagement | Auto-rescan + alerts |
Download ControlPoint Iris and scan your first contract in minutes.