Skip to main content

Section 508 Audits

Section 508 Accessibility Audit Services

Reduce procurement risk and produce defensible Section 508 conformance evidence. 508Audit evaluates websites, applications, digital services, and documents for federal agencies, higher education, healthcare, and government contractors — with manual testing performed by DHS Trusted Tester credentialed evaluators and reporting built for contracting officers, program managers, and prime delivery teams.

  • Manual accessibility testing aligned to public-sector expectations
  • Findings mapped to Section 508 and WCAG criteria
  • Clear remediation guidance for internal teams and vendors
  • Support for procurement reviews, remediation planning, and retesting
Public-sector accessibility focusProcurement-aware documentationFounder-led deliveryDHS Trusted Tester credentialed evaluatorsSAM.gov registered

Who this service is for

Built for the buyers who own accessibility outcomes.

Section 508 audits at 508Audit are scoped around the buyer who actually has to defend the conformance claim — whether that's a program office, a vendor in procurement review, or a prime contractor closing out a deliverable.

Federal agencies

Section 508 program offices, CIO and digital service teams, and acquisition shops that need independent conformance evidence for systems they own, procure, or modernize.

State & local government

Cities, counties, and state agencies adopting Section 508 by reference or preparing public-facing services for ADA Title II review.

Higher education

Accessibility offices, web teams, and procurement leads validating LMS, student systems, and public sites against Section 508 and WCAG.

Government contractors

Primes and subs delivering ICT to federal customers that need audit-grade evidence behind their VPAT/ACR and contract deliverables.

Vendors preparing for procurement review

SaaS and commercial software vendors that need a defensible Section 508 audit before a VPAT/ACR is submitted into a federal, state, or higher-ed procurement.

What 508Audit evaluates

Scope across the digital surface area public-sector buyers actually review.

Marketing & public-facing websites

Page templates, components, navigation, and high-traffic content paths used by constituents, vendors, and applicants.

Authenticated applications

Logged-in workflows, dashboards, and case-management tools for staff, partners, and citizen-facing services.

SaaS products

Commercial SaaS used by federal, state, local, or higher-ed customers — evaluated in the configurations buyers will actually receive.

Forms & workflows

Multi-step applications, eligibility flows, registration, and intake — evaluated end-to-end with keyboard and assistive technology.

PDFs & public documents

Tagged PDFs, forms, reports, and notices included in the audit scope when they support the user task under review.

Representative templates & flows

A sampling plan that covers the page templates, component patterns, and user journeys most likely to drive procurement and user-impact risk.

What is included

A complete Section 508 audit, scoped to your delivery and procurement needs.

  • Scope planning and audit-charter alignment
  • Representative sample selection across templates and flows
  • Manual expert review by a credentialed evaluator
  • Automated scan support (axe-core, Lighthouse, Pa11y)
  • Keyboard-only operability review
  • Screen reader checks (NVDA, JAWS, VoiceOver)
  • Form, error state, and validation review
  • Color contrast and reflow review
  • Issue logging with severity and prioritization
  • Remediation recommendations by issue type
  • Optional retest and validation pass
  • Optional VPAT / ACR preparation or update

Have a Section 508 deliverable coming due?

Send the in-scope systems list. We respond with audit scope, evaluator assignments, and turnaround within one business day.

Testing approach

Rigorous and practical — built for delivery teams, not academic checklists.

Every evaluation is performed by a DHS Trusted Tester credentialed evaluator using the DHS Section 508 Trusted Tester process — manual expert review, keyboard operability, assistive-technology testing, and practical remediation guidance grounded in Section 508 requirements and WCAG success criteria.

Evidence-led testing

Every finding is reproducible and traceable to a tested artifact — screen, document, or workflow.

Criterion-mapped

Issues are tied to specific Section 508 and WCAG success criteria so reviewers can audit your audit.

User-impact framing

Findings include who is affected (assistive-tech, keyboard, low-vision, cognitive) and why it matters for the user task.

Deliverables

Documentation that survives procurement and program-office review.

Executive summary

Plain-language overview for program leadership, CORs, and Section 508 program offices — risk areas, severity distribution, and recommended next steps.

Detailed issue log

Every issue with location, evidence, severity, user impact, WCAG/508 criterion, and a remediation recommendation.

Criterion mapping

A line-of-sight from each finding back to the specific Section 508 standard and WCAG success criterion that grounds it.

Severity & impact notes

Critical / Major / Minor calibrated to user impact and procurement risk — not just count or scanner score.

Remediation recommendations

Concrete fix guidance: code patterns, ARIA usage, content changes, or structural updates — written for developers and content owners.

Retest & VPAT/ACR option

Optional retest pass with validation status, and optional VPAT/ACR preparation or refresh on the validated baseline.

Audit scope & timeline

Scope reflects your environment — not a one-size template.

Each Section 508 audit is scoped to the work that actually needs to be evaluated. There is no flat list of pages, and there is no inflated effort. Scope and timeline are sized to the buyer's procurement, remediation, or reporting calendar.

  • Number of page templates and component patterns in scope
  • Number of user flows and authenticated workflows
  • Application complexity (single-page, multi-step, role-based)
  • Document volume (PDFs, Word, PowerPoint) included in scope
  • Procurement, reporting, or contract-deliverable deadlines
  • Need for remediation guidance, retest, or VPAT/ACR support

Pricing guidance

Section 508 audits are scoped — not sold by the page.

Engagements start at

$5,500

Section 508 audits start at $5,500 for narrowly scoped digital properties and are quoted based on templates, workflows, application complexity, document volume, and reporting requirements.

Complex applications, authenticated portals, multi-property environments, and procurement-driven accessibility reviews are typically scoped separately.

Why 508Audit for Section 508 audits

Built to do what flat-rate audit shops cannot.

Public-sector focus

Section 508 is what we do. Engagements are scoped around federal, state and local, higher-ed, and prime-contractor delivery — not generic web accessibility.

Practical remediation guidance

Findings come with fixes a developer or content owner can implement, not just a citation and a severity tag.

Procurement-aware documentation

Deliverables are written for the people who actually have to defend them — CORs, OIG reviewers, Section 508 program offices, and prime compliance leads.

Founder-led accountability

Principals on every engagement. No layered subcontracting, no junior-staff swap-outs after the SOW is signed.

Section 508 audit FAQ

  • What is included in a Section 508 accessibility audit?
    A Section 508 audit includes scope planning, representative sample selection, manual accessibility testing, automated scan support, keyboard and screen reader review, form and error-state evaluation, color contrast review, an issue log mapped to Section 508 and WCAG criteria with severity and remediation guidance, and optional retest/validation. Findings are written for both technical teams and procurement reviewers.
  • How is a Section 508 audit different from a VPAT?
    A Section 508 audit is the testing engagement that produces evidence about how a product conforms. A VPAT (or ACR) is the documentation artifact summarizing conformance for procurement and vendor review. A defensible VPAT/ACR should be backed by audit-grade testing, which is why many buyers and vendors pair an audit with VPAT/ACR support.
  • Do you audit both websites and applications?
    Yes. 508Audit evaluates marketing sites, public-facing websites, authenticated web applications, SaaS products, mobile web, forms, and complex workflows. Scope is defined around representative page templates, user flows, and document types in scope for Section 508.
  • Can 508Audit review PDFs and documents as part of the audit?
    Yes. PDFs, Word documents, PowerPoint files, and public-facing forms can be included in audit scope. For large document libraries we typically recommend pairing the audit with a dedicated document accessibility engagement.
  • Do you support remediation after the audit?
    Yes. 508Audit offers remediation support engagements that include issue prioritization, working sessions with development and content teams, review of proposed fixes, and validation. Audit and remediation engagements are scoped separately so the conformance claim in the audit stays arms-length.
  • Can you retest fixes after remediation?
    Yes. Retest and validation can be scoped at the close of an audit, after a remediation milestone, or before a VPAT/ACR is updated. Retest results include validation status (Open / Fixed / Verified) and the evidence captured on closure.
  • Do you work with government contractors and vendors?
    Yes. A significant portion of 508Audit's work supports prime contractors delivering ICT to federal customers and commercial vendors selling SaaS into government, higher education, and state/local procurements.

Need a Section 508 audit for a website, application, or public-sector digital service?

Tell us what's in scope and when it needs to be reviewed. We'll respond with audit scope, evaluator assignments, and turnaround within one business day.