Free Evaluation Resource

2026 Tabletop Exercise Platform Buyer's Guide

Evaluate any ICS/OT tabletop exercise platform with this 100-point checklist. Eight categories, forty criteria — built to help security teams, procurement leaders, and MSSPs choose the right exercise platform for their program.


Why You Need a Dedicated Evaluation Framework

Not all exercise platforms are equal. Some are built specifically for tabletop exercises; others offer it as a feature within a broader security product. This guide gives you a structured, vendor-neutral scoring framework so you can make an objective comparison — whether you're evaluating your first platform or considering a switch.

Check each criterion your candidate platform meets. The running score (top of page) updates in real time. Use the score interpretation table to benchmark your findings.

  • 40 Evaluation Criteria: Across 8 categories covering AI, MSSP support, compliance, deployment, integrations, and pricing.
  • 100-Point Scoring: Weighted by real-world impact. Categories that differentiate enterprise-grade platforms carry more weight.
  • MSSP & Enterprise Focus: Criteria are designed for multi-client MSSP operators and enterprise OT/ICS security programs.

How to Use This Guide

Evaluation Checklist — Check each criterion your candidate platform satisfies
1 Scenario Library Quality 15 pts

The scenario library is the foundation of your exercise program. Quantity, relevance to your sectors, and framework alignment determine how much time you spend creating vs. running exercises.

  • 50+ pre-built OT/ICS scenarios covering critical infrastructure sectors (energy, water, healthcare, transport) (3 pts)
    65+ curated scenarios across 15+ sectors
  • Scenarios are natively mapped to NERC CIP, NIS2, NIST CSF, or IEC 62443 standards (3 pts)
    All 65 scenarios tagged to 12+ frameworks with gap reporting
  • Custom scenario creation with structured templates (scenario builder or wizard) (3 pts)
    5-step builder with injects, actors, MITRE ATT&CK, and standards tagging
  • AI-assisted scenario generation from a text prompt (3 pts)
    generate-scenario Edge Function — full scenario + injects from a paragraph
  • Scenario sharing marketplace or community library for peer-developed content (3 pts)
    Facilitator Marketplace — browse, install, rate, and publish scenarios
2 AI & Automation Capabilities 15 pts

AI capabilities determine how much manual preparation, facilitation, and documentation burden falls on your team. This is one of the largest operational differentiators between platforms.

  • Real-time AI coaching overlay for facilitators during live exercises (not just pre-built tips) (3 pts)
    Coach Assist — coaching_tip + probing_questions + time_note, live via API
  • AI-generated After Action Reports (AARs) that summarize findings and recommendations automatically (3 pts)
    Anthropic claude-haiku — instant AI AAR from session data in seconds
  • AI-powered scenario recommendations based on your past exercise history and coverage gaps (3 pts)
    Embedding-based semantic recommendations via get-recommendations Edge Function
  • AI-generated adaptive (dynamic) injects that respond to exercise progress mid-session (3 pts)
    generate-inject Edge Function — context-aware injects spliced into live sessions
  • AI-powered incident intelligence (stakeholder mapping, evidence artifacts, SITREP generation) (3 pts)
    incident-intelligence Edge Function — 4 query types, real-time overlay
3 MSSP & Multi-Client Support 15 pts

For MSSPs managing multiple client organizations, single-tenant platforms create massive operational overhead. True MSSP support means native multi-tenancy — not workarounds.

  • Native multi-client portal — manage all client organizations from one login (3 pts)
    Unlimited client orgs, scoped exercise history, per-client analytics
  • Per-client white-labeling: custom logo, brand colors, and client-branded portal URL (3 pts)
    slug/logo_url/accent_color per client org; /c/{slug} branded links
  • MSSP portfolio analytics — exercise frequency, sector coverage, dormancy alerts across all clients (3 pts)
    MSSP Portfolio Dashboard with dormancy badges, 4-page PDF export
  • Client agreement and SLA tracking — with automated fulfillment progress reporting (3 pts)
    client_agreements table; AI SLA extraction; fulfillment_pct per agreement
  • Facilitator seat management — invite, revoke, and roster management per client (3 pts)
    invite-member / remove-member Edge Functions; team roster with seat limits
4 Compliance & Regulatory Coverage 15 pts

Compliance evidence generation is one of the highest-value features for regulated industries. Platforms that automate this save your team dozens of hours per audit cycle.

  • 10+ compliance frameworks natively mapped (NERC CIP, NIS2, NIST CSF, IEC 62443, ISO 27001, etc.) (3 pts)
    12 frameworks: NERC CIP, NIS2, NIST CSF, IEC 62443, ISO 27001, HIPAA, TSA SD, NIST 800-82, SOC 2, CISA CPG, CMMC, NIST Privacy
  • Automated compliance evidence package generation — multi-page audit-ready PDF per framework (3 pts)
    6-page evidence PDF per framework: controls, exercise log, gaps, timeline, attestation
  • Framework gap analysis with control-level readiness scoring and remediation timeline (3 pts)
    Compliance Dashboard — coverage matrix, readiness scores, gap-to-control mapping
  • Insurance carrier report templates (Chubb, AIG, Beazley, Coalition or equivalent) (3 pts)
    insurance-reports.html — 4 carrier templates, 7-page PDF per carrier
  • MITRE ATT&CK for ICS technique coverage mapping and blind-spot identification (3 pts)
    78 ICS techniques, 12 tactics, interactive matrix, coverage heatmap
5 Deployment Flexibility 10 pts

OT/ICS environments often have no internet connectivity, strict network segmentation, and globally distributed teams. Deployment flexibility determines where you can actually run your program.

  • Offline exercise delivery — fully functional without internet (air-gapped / field environments) (2 pts)
    AES-256-GCM encrypted offline pack — full exercise runner, no cloud required
  • Mobile participant join without app installation (browser-based) (2 pts)
    join.html — browser-based real-time join, any device, no install
  • Multi-language platform support (2+ languages with full translation, not just UI strings) (2 pts)
    Full platform in EN/FR/PT/ES — exercise runner, AI prompts, and compliance pages
  • Multi-channel inject delivery during live exercises (email, SMS, Slack/Teams) (2 pts)
    manage-inject-channels — email, Twilio SMS, Slack/Teams/webhook delivery
  • Live threat intelligence integration during exercises (CISA KEV or equivalent feed) (2 pts)
    threat-feed Edge Function — live CISA KEV pull, sector scoring, CVE-tagged alerts
6 Participant Experience & Engagement 10 pts

Participant engagement directly affects the realism and learning value of exercises. Platforms that treat participants as passive observers miss the point of a tabletop.

  • Real-time participant session view — live step display, synchronized with facilitator (2 pts)
    Supabase Realtime — participants see steps, injects, and updates live
  • Structured response collection and facilitator scoring per question step (2 pts)
    session_responses table — submit, score ★/★★/★★★, leaderboard broadcast
  • Gamification features — achievements, badges, leaderboards to drive engagement (2 pts)
    28 badges, 8 categories, 5 ranks, team leaderboard, user_scores tracking
  • Facilitator certification program with verifiable certificate (PDF or digital credential) (2 pts)
    CTEP L1/L2 quiz engine — server-side grading, cert PDF, unique cert number
  • Participant quick-view role cards during exercises (role-specific context) (2 pts)
    Phase 7A — role-specific context panels visible to each participant
7 Integration & Open Standards 10 pts

Exercise data is most valuable when it flows into your existing security and training ecosystem. Open integrations prevent data silos and support automation of compliance workflows.

  • Public REST API with API key management and documented endpoints (2 pts)
    public-api Edge Function — /scenarios, /sessions endpoints; portal API key CRUD
  • Webhook and SIEM integrations — push exercise events to security operations tooling (2 pts)
    manage-integrations — webhook/Slack/Teams/SIEM; 8 event types dispatched
  • xAPI statement export and SCORM package generation for LMS integration (2 pts)
    manage-lrs — xAPI 1.0.3 statements; SCORM 1.2 and SCORM 2004 export
  • ServiceNow or Jira ticketing integration — auto-create tickets from exercise gaps (2 pts)
    manage-ticketing — Jira Cloud + ServiceNow; AES-256-GCM credential encryption
  • Enterprise SSO — SAML 2.0 or OIDC with DNS domain verification (2 pts)
    manage-sso — SAML 2.0 + OIDC, DNS TXT proof-of-ownership, Supabase Management API
8 Pricing Transparency & Business Value 10 pts

Hidden pricing, enterprise-quote-only tiers, and per-exercise fees obscure the true cost of ownership. Transparency signals vendor confidence and simplifies your procurement process.

  • Public pricing published on the website — no "contact sales" required for standard tiers (2 pts)
    Free / Pro / Team / Enterprise — all prices public at landing.html#pricing
  • Free tier or trial available without credit card for initial evaluation (2 pts)
    Free plan — unlimited read access, 2 live sessions/month, no card required
  • Seat-based pricing at enterprise scale with transparent per-seat cost (2 pts)
    Enterprise: 1,000 seats at $9,990/mo annually — fully disclosed
  • ROI calculator or benchmarking tools to justify platform cost internally (2 pts)
    mssp-roi.html — live ROI calculator with prep/report/labour savings breakdown
  • No vendor lock-in — data export via API, open standards (SCORM/xAPI), no proprietary formats (2 pts)
    REST API, SCORM, xAPI, JSON export — your data is always accessible

Score Interpretation

| Score Range | Maturity Level | What It Means |
|---|---|---|
| 0 – 40 pts | Basic | Limited capability. Significant gaps for enterprise or MSSP use. Suitable for one-off exercises only. |
| 41 – 70 pts | Capable | Covers the fundamentals. Lacks advanced AI automation, MSSP features, or compliance depth. May require supplemental tooling. |
| 71 – 90 pts | Enterprise-Ready | Strong across most areas. Supports enterprise programs with minor gaps. Good fit for most regulated industries. |
| 91 – 100 pts | Best-in-Class | Comprehensive, purpose-built platform. Covers AI, MSSP, compliance, integrations, and participant experience at depth. |

10 Questions to Ask Any Vendor

Bring these questions to any platform demo. The answers reveal how deeply a feature is built into the platform — versus marketed but limited in practice.

How Skyhigh Scores on This Guide

For reference — here is how Skyhigh Cybersecurity performs against all 8 evaluation categories in this guide.

  • Scenario Library Quality: 15 / 15 pts
  • AI & Automation: 15 / 15 pts
  • MSSP & Multi-Client: 15 / 15 pts
  • Compliance & Regulatory: 15 / 15 pts
  • Deployment Flexibility: 10 / 10 pts
  • Participant Experience: 10 / 10 pts
  • Integration & API: 10 / 10 pts
  • Pricing & Business Value: 10 / 10 pts
  • Total: 100 / 100 pts (Best-in-Class)

We encourage you to score any platform you evaluate — including ours — using this checklist independently. We're confident in the result.

Ready to See Skyhigh in Action?

Start your first exercise in under an hour. Free plan available — no credit card required.
