
Rapid7 launches Cyber GRC program to connect compliance with live risk data

New platform capability aims to replace static compliance processes with real-time, threat-aware governance and risk management.

Wed, 13 May 2026

Rapid7 has launched early access to a new Cyber Governance, Risk, and Compliance (GRC) program designed to unify security operations with compliance and risk management workflows.

Built on the Rapid7 Command Platform, the Cyber GRC program uses real-time exposure data as the operational foundation for governance and compliance activities, shifting organisations away from point-in-time compliance models towards continuous, threat-aware risk management.

The company said the platform is intended to address a growing disconnect between traditional GRC processes and modern security operations, where risk evolves faster than manual audits and periodic assessments can track.

 
 

“Organisations invest heavily in security tools, but many are still left to determine how to validate control effectiveness and demonstrate compliance,” Jon Schipp, senior director of product management at Rapid7, said in a statement.

“Cyber GRC connects fragmented data across assets, exposures, and controls to the attack surface, giving teams a clear view of risk and enabling consistent, evidence-backed outcomes.”

Rapid7 said the new capability combines AI-driven third-party risk management with a live risk register that aligns controls, evidence collection, and governance decisions to active threats rather than static regulatory frameworks.

To support the initiative, Rapid7 is also building an ecosystem of audit and assurance partners around the platform, including HITRUST, Insight Assurance, and 360 Advanced. The company said these partnerships are aimed at enabling continuous assurance models across frameworks such as SOC 2, ISO 27001, HITRUST, CMMC and FedRAMP.

In addition, the Cyber GRC program introduces a range of operational features designed to automate evidence collection and improve audit readiness. These include continuous monitoring for HITRUST control coverage, consolidated user access exports for compliance reviews, unified policy reporting, and new export capabilities for vulnerability and compliance data.

Rapid7 said the Cyber GRC program is currently available through an early-access rollout, with broader availability expected later in 2026.

You can sign up for the program here.


David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
