BASTION is reader-supported. We keep the site free and independent by earning commissions from some of the products and services we recommend. Here's exactly how that works โ in plain English, as the FTC requires.
How we make money
Amazon Associates. As an Amazon Associate, we earn from qualifying purchases. When you buy hardware through our Amazon links, we may receive a small commission at no additional cost to you.
Software & service partners. We participate in affiliate programs for security software and services (for example VPN, password management, identity protection, and compliance tools). If you sign up through our link, we may earn a commission or referral fee.
Our own products. Some resources we link to โ such as our compliance kit โ are products we create and sell directly.
What this does NOT change
You never pay more. Commissions are paid by the retailer or vendor, not by you. Prices are identical whether you use our link or not.
No pay-for-placement. No brand can buy a spot on a list, a higher rating, or a recommendation. We only feature things we would deploy ourselves.
Prices come from the source. We don't quote or store live prices; you'll always see the current price on the retailer's own site.
Our promise
Recommendations are based on hands-on judgment about what best protects a small government contractor โ not on which program pays the most. If a commission ever conflicts with giving you the right answer, the right answer wins.
Not professional advice. BASTION provides practical, educational guidance from a working practitioner. It is not legal, financial, or accredited-assessor (C3PAO) advice, and using our recommendations does not guarantee passing a CMMC assessment. Your assessor makes the final compliance determination.