InfoRelay/ ScoreGuard
Downloads · Contact
InfoRelay·ScoreGuard

DoD Cyber Hygiene Scorecard automation.
Stop hand-merging CSVs into Excel.BETA · v0.1

Your monthly Cyber Maintenance Hardening Scorecard takes hours of copying PowerShell CSV output across three Excel files. ScoreGuard ingests the same per-server local-user CSVs + the AD-audit CSV you already produce, auto-populates Sections 1 + 3, walks you through the manual sections, and emits a paste-ready workbook with provenance for every cell.

⬇ Download for Windows Why this exists
Local-only · talks to nothing outside your machine Single 17 MB binary · no installer · UAC self-elevates Drop-in for your existing PowerShell + batch workflow DoD CUI-safe by design · no telemetry
Why it exists

The monthly scorecard takes hours and accumulates mistakes.

If your current workflow involves scheduled tasks, batch files, and a chain of three Excel workbooks before the final scorecard, ScoreGuard collapses it to four steps.

📜 Today: PowerShell + batch + Excel

  • Scheduled task on every Windows Server 2022 emits a per-host local-user CSV
  • Scheduled task on a DC dumps an AD-audit CSV (Priv / Disabled / NMC / Active / Service / Computers)
  • Batch files consolidate to a share folder
  • Three intermediate Excel files pivot it for the final paste

⚠ The pain

  • Manual merge is error-prone — a missed row drifts the percentage
  • Privileged-group rules ("NMC Admins", "RSA Exempt") encoded as cell formulas
  • Each scorecard revision means re-checking every site's columns
  • You can't diff against last month — there's no source of truth

✓ With ScoreGuard

  • Drop the same CSVs your scripts already produce — no workflow change
  • Privileged-group + MFA + PKI rules configured per env in Settings
  • Sections 1 + 3 auto-computed; manual entry for Sections 4-8
  • History snapshots persist every month for next-month diffs

🎯 Audience

  • ISSOs / ISSMs running the scorecard on a recurring cycle
  • Cyber teams whose orgs use the Cyber Maintenance Hardening Scorecard template
  • Sites already using the MS-script + AD-dump pattern
  • Anyone tired of opening Excel three times to make one number
v0.1 surface

Four steps. 47 cells. One job: a paste-ready scorecard.

The monthly flow

📥

Import

Drop per-server local-user CSVs + the AD-audit CSV. Tab- or comma-separated; tolerant of column-name variations. Re-uploading a server's CSV replaces its previous parse.

🔍

Preview

Every computed cell shown with its provenance — auto / manual / empty. PKI counts, RSA SecurID totals, password-only-priv breakdown, server-2022 counts, all derived live.

Manual

Sections 4-8 — ATO (eMASS), endpoint (ePO), STIG CAT-I, IAVA, Cyber Awareness % — captured in one form. Values persist between sessions.

📤

Export

Multi-sheet xlsx — Overview + per-section + Legend. Color-coded rows (auto/manual/empty) so you can paste straight into the official Cyber Maintenance Hardening Scorecard template.

🗂

History

Every export freezes the draft + the xlsx under ~/.netguard/scoreguard/history/. Re-download any month or diff against the prior baseline.

Configurable per environment

Privileged-group rules

List the local + AD groups that should flag a user as privileged ("Administrators", "NMC Admins", "Splunk Administrators", etc.). One per line.

🔑

MFA / IFS group mappings

Map an AD group to its MFA solution label ("RSA Exempt = RSA SecurID"). Counts flow into the per-solution sub-cells.

🚫

Default-account exclusions

DefaultAccount, Guest, WDAGUtilityAccount, krbtgt — configurable; different orgs have different factory defaults.

Coming next

v0.2 📡

Live LDAP + WinRM push mode

Skip the PowerShell scripts entirely — ScoreGuard queries AD + every Server 2022 host directly. Same UI, opt-in toggle.

v0.3 📊

Fill the official template in place

Drop in your site's copy of the official scorecard xlsx; ScoreGuard fills the cells in their target positions, preserving formatting.

v0.3 🔄

Drift detection

Diff this month's numbers against last month's snapshot — flag spikes in disabled-priv counts or sudden ATO regressions.

Get ScoreGuard

v0.1 beta · single binary · ~17 MB

No installer. Double-click → UAC self-elevates → native window opens on 127.0.0.1:9966. Configure your org metadata + privileged-group rules, drop your CSVs, export.

🪟 Windows
10/11 x64 · UAC self-elevate · WebView2
scoreguard-0.1-windows-x64.zip
🍎 macOS
Apple Silicon · 13+
scoreguard-0.1-macos-arm64.zip
🐧 Linux
x86_64 · GTK + WebKit2
scoreguard-0.1-linux-x86_64.zip

First-launch checklist

  1. Download the platform zip + extract.
  2. Double-click the binary. UAC prompts on Windows — click Yes.
  3. App opens on 127.0.0.1:9966. Open ⚙ Settings; fill in org name + your privileged-group rules + MFA-group mappings.
  4. Click 📥 Import → upload your monthly per-server local-user CSVs (one per server) and the AD-audit CSV. Hostnames are extracted from filenames.
  5. Click 🔍 Preview to see auto-computed Sections 1 + 3. Then ✍ Manual for Sections 4-8.
  6. Click 📤 Export → download the workbook and snapshot to history.
Beta feedback: licensing@inforelay.ai. Drop-in for your existing CSV-producing scripts — v0.2 will add live LDAP + WinRM and let you retire the scheduled-task chain.

Pricing not yet published — beta access is free. Production tiering will follow the InfoRelay family pattern (Solo / Team / Site, annual per site).

Operating posture

What ScoreGuard does, and what it never does.

✓ Does

  • Parses local-user CSVs + AD-audit CSV you already produce
  • Computes scorecard cells locally — provenance on every value
  • Stores draft + history under ~/.netguard/scoreguard/
  • Logs every action to an append-only audit file you can review
  • Binds only to 127.0.0.1:9966

✗ Never does

  • No telemetry. No usage tracking. No phone-home.
  • No outbound network — your CUI data never leaves the host
  • No installer, no service, no scheduled task created on install
  • No external LLM. No SaaS dependency.
  • No automatic upload of generated workbooks anywhere