How can we help?

Common Questions

What iOS version do I need?

Zero Day Command requires iOS 18.0 or later. ARIA's full on-device AI (Apple Foundation Models) requires iOS 26.0 or later. On iOS 18–25, ARIA uses a curated intelligence library — full gameplay is maintained.

What is ARIA?

ARIA (AI Response Intelligence Advisor) is your on-device incident analyst. She observes the board state each turn and delivers intelligence in incident-response language. On iOS 26+, she uses Apple Foundation Models for live on-device inference. She observes — she never tells you what to do.

Is there an internet connection required?

No. Zero Day Command is fully offline. All AI inference is on-device. No data is sent anywhere.

How does the Adaptive Threat Engine work?

The threat actor weighs target value, path resistance, stealth preference, and urgency each turn. It tracks your defensive patterns — isolating the same routes repeatedly causes it to probe alternatives. No two runs resolve identically.

What is the After-Action Report?

When a mission ends, ARIA generates a full post-mortem: incident reconstruction, a commander assessment of your decisions, an optimal response playbook, and a security intelligence brief connecting the game mechanics to real incident response frameworks (NIST CSF, the kill chain, evidence handling).

What does "Give Up" do?

You can abandon a mission at any time and request a full debrief. ARIA explains what was done wrong, what should have been done, and why — making it a learning tool as much as a game mechanic.

Is there a tutorial?

Yes. An interactive spotlight tutorial walks you through a sample operation step by step — pointing to each element, asking you to tap it, and explaining why after each action.

Does it work on iPad?

Yes, iPad is fully supported on iPadOS 18.0 and later.

Framework & Certification Questions

How does the game map to NIST SP 800-61?

Every turn cycle mirrors the four 800-61 phases directly. Phase 1 (Intel) surfaces new indicators — Detection & Analysis. Phase 3 (Action) covers Containment via ISOLATE and Eradication & Recovery via RESTORE. The After-Action Report closes with Post-Incident Activity: kill chain reconstruction and lessons learned. The resource model — especially Evidence Quality gating safe action — is a mechanical implementation of the "evidence before escalation" principle in 800-61.

Is Zero Day Command useful for CySA+ (CS0-003) study?

It reinforces concepts rather than testing knowledge. CS0-003 Domain 4 (Incident Response) and Domain 2 (Vulnerability Management) are the most directly simulated. Playing through containment decisions, building evidence before acting, and reading the After-Action Report make those domains intuitive rather than abstract — but the game is not a substitute for exam prep materials.

Is Zero Day Command useful for GCIH study?

Yes — GCIH is the most direct certification alignment in the game. The PICERL lifecycle (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned) is the structural spine of every mission. Evidence handling, kill chain analysis, and the formal post-incident lessons-learned debrief all appear explicitly. If you are studying for GCIH, the game is useful reinforcement alongside SANS course materials.

Is this affiliated with CompTIA, GIAC/SANS, ISC², or NIST?

No. Zero Day Command is an independent iOS game. It has no affiliation with, endorsement from, or certification by CompTIA, GIAC, SANS Institute, ISC², NIST, CISA, or MITRE. Framework alignment is based on the developer's own mapping of game mechanics to publicly available framework documentation.

Can I use this for team training or tabletop exercises?

Yes. The game requires no infrastructure and runs fully offline — hand it to a new analyst before their first tabletop exercise and it will prime them on prioritisation, evidence discipline, and communication timing. It does not replace a facilitated tabletop exercise, but it is a useful zero-setup complement.

What frameworks does the game cover?

NIST SP 800-61 Rev. 3 (primary), NIST CSF 2.0 (Detect and Respond functions, RS.CO, RS.AN, RC.RP), MITRE ATT&CK (kill chain, deception countermeasures, threat actor modeling), PICERL, and ISO/IEC 27035 concepts appear in the After-Action Report. See the Framework Alignment section of the homepage for the full mechanic-to-framework mapping.