§ Terms of Use
The plain-English version

A free reference, used at your own risk.

cyber.trackr.live is a personal project I’ve made public. It costs nothing to use and collects nothing about you. In exchange, please read these terms before relying on it for anything that matters.

Last updated: 3 May 2026

§ I · Who runs this

One person, not an organization.

cyber.trackr.live is built and maintained by Robert Weber as a personal side project. There is no company behind it, no team, no SLA, and no support contract. When “I” appears on this page, that’s who it means.

Cyber Trackr is not affiliated with, endorsed by, or sponsored by the Department of Defense, DISA, NIST, or any other government agency. Treat anything you find here as a convenience layer over those agencies’ published work, not a substitute for it.

§ II · What this service is

A reference desk — not advice.

The site is a browseable mirror of public DoD and NIST compliance data, plus a few helper tools (CKL viewer, plan generator, baseline heat map, search). It exists to make that material easier to find and cross-reference.

Nothing here is legal, regulatory, security, or compliance advice. Output from the plan generator is a starting draft, not an authoritative System Security Plan. The CKL viewer renders and edits checklists in your browser; the resulting files are your work, not mine. If a control, mapping, or rule on this site differs from the authoritative source, the authoritative source wins. Always.

§ III · Authoritative sources

Always go back to the source before you ship.

For decisions that touch a real ATO package, audit, or live system, verify against the official publishers:

The data on this site is redistributed unmodified and synced on a manual cadence (the footer shows the last DISA and NIST sync timestamps). Between syncs, the upstream sources may have moved on.

§ IV · Privacy

No accounts, no tracking, nothing to leak.

There are no user accounts on this site. There is no analytics provider tracking your visits across the web. The server logs the same kind of HTTP request data every web server logs — IP, user agent, path, status — and that’s it.

The Plan Generator and CKL Viewer keep their drafts in your browser’s localStorage. That data never leaves your device. You can clear it any time by clearing site data in your browser.

§ V · Provided “as is”

No warranty, express or implied.

The service is provided as-is and as-available, without warranty of any kind — including, without limitation, warranties of merchantability, fitness for a particular purpose, accuracy, completeness, timeliness, or non-infringement. I make a good-faith effort to keep the data current and the site working, but I make no guarantee of either.

To the maximum extent permitted by applicable law, in no event shall I be liable for any indirect, incidental, special, consequential, or punitive damages, or any loss of profits, revenue, data, or goodwill, arising out of or related to your use of (or inability to use) this site — even if I’ve been advised of the possibility of such damages.

§ VI · Your responsibilities

Be a good neighbor.

  • Verify before you act. Cross-check anything you pull from here against the authoritative source listed in § III before using it in an audit, ATO package, or production system.
  • Don’t hammer the API. The REST API has no auth and no rate limits, but it runs on one shared box. Reasonable, polite use is welcome; scraping the entire dataset in a tight loop is not. If you need a bulk pull, the data files are also available on the GitHub repo.
  • Don’t attack the site. No probing for vulnerabilities, no automated injection attempts, no traffic that’s clearly designed to break things. If you found a real security issue and want to report it, use the contact form below.
  • Stay legal. If your use of the site or its data violates an applicable law or regulation in your jurisdiction, don’t use it.

§ VII · Code and data licenses

The code is open. The data is public domain.

The application code that powers this site is licensed under GNU AGPL-3.0-or-later. You can read it, run it, fork it, and modify it — with the catch that if you run a modified version as a network service, you have to publish your changes under the same license. The full text is in the LICENSE file in the repo.

The compliance datasets (STIGs, SCAP, CCI, NIST 800-53, OSCAL profiles) are works of the U.S. Government, in the public domain within the United States, and redistributed here unmodified. The AGPL on the surrounding code does not apply to them. Full attributions are in NOTICE.md.

§ VIII · Changes and availability

The site can change. So can these terms.

Features may be added, modified, or removed at any time. The site itself may go offline for maintenance, due to a hosting issue, or because I decide to stop running it. There’s no commitment of continuous availability.

These terms may be updated when the project changes meaningfully. The “Last updated” date at the top reflects the current revision. If you’ve been relying on the site for something material, it’s worth re-reading this page once in a while.

§ IX · Governing law

U.S. law, common-sense reading.

These terms are governed by the laws of the United States and the Commonwealth of Virginia, without regard to conflict-of-law principles. If any clause turns out to be unenforceable, the rest of the terms still apply.